VirtualBox

source: vbox/trunk/src/VBox/Devices/Storage/VSCSI/VSCSISgBuf.cpp@ 37808

Last change on this file since 37808 was 35062, checked in by vboxsync, 14 years ago

VSCSI: Fix read beyond end of S/G array

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1/* $Id: VSCSISgBuf.cpp 35062 2010-12-14 11:05:57Z vboxsync $ */
2/** @file
3 * Virtual SCSI driver: S/G list handling
4 */
5
6/*
7 * Copyright (C) 2006-2010 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17#define LOG_GROUP LOG_GROUP_VSCSI
18#include <VBox/log.h>
19#include <iprt/assert.h>
20#include <iprt/string.h>
21
22#include "VSCSIInternal.h"
23
24
/**
 * Initialises an I/O memory context so that it points at the start of a
 * scatter/gather segment array.
 *
 * With cSegments == 0 the context is put into the "no data" state (NULL
 * segment array, NULL buffer pointer, zero bytes left) and paDataSeg is not
 * touched.  Otherwise the context is positioned on the first segment.
 *
 * @param   pIoMemCtx   The context to initialise.
 * @param   paDataSeg   The segment array; element 0 is read when cSegments is
 *                      non-zero.
 *                      NOTE(review): the pointer is not checked here, callers
 *                      presumably guarantee it is valid - confirm.
 * @param   cSegments   Number of entries in paDataSeg.
 */
void vscsiIoMemCtxInit(PVSCSIIOMEMCTX pIoMemCtx, PCRTSGSEG paDataSeg, size_t cSegments)
{
    /* The segment index starts at zero in both cases. */
    pIoMemCtx->iSegIdx = 0;

    if (RT_UNLIKELY(!cSegments))
    {
        /* Nothing to walk: leave the context in the exhausted state. */
        pIoMemCtx->paDataSeg = NULL;
        pIoMemCtx->cSegments = 0;
        pIoMemCtx->pbBuf     = NULL;
        pIoMemCtx->cbBufLeft = 0;
        return;
    }

    /* Position the cursor on the first byte of the first segment. */
    pIoMemCtx->paDataSeg = paDataSeg;
    pIoMemCtx->cSegments = cSegments;
    pIoMemCtx->pbBuf     = (uint8_t *)paDataSeg[0].pvSeg;
    pIoMemCtx->cbBufLeft = paDataSeg[0].cbSeg;
}
44
45
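/**
 * Hands out the next contiguous chunk of the S/G buffer and advances the
 * context past it.
 *
 * A chunk never crosses a segment boundary: the returned size is capped at
 * the number of bytes left in the current segment.  When the current segment
 * is used up the context moves on to the next one, or enters the exhausted
 * state (NULL buffer, zero bytes left) once the last segment was consumed, so
 * that the segment array is never indexed past its end.
 *
 * @returns Pointer to the start of the chunk, or NULL if no buffer is
 *          available.  A NULL return always comes with *pcbData == 0.
 * @param   pIoMemCtx   The I/O memory context to take the chunk from.
 * @param   pcbData     In: number of bytes wanted.
 *                      Out: number of bytes usable at the returned pointer.
 *
 * NOTE(review): after advancing onto a segment whose cbSeg is 0, cbBufLeft
 * is 0 and every later call reports zero bytes, so the walk stops at that
 * segment - confirm callers never build such segment arrays.
 */
uint8_t *vscsiIoMemCtxGetBuffer(PVSCSIIOMEMCTX pIoMemCtx, size_t *pcbData)
{
    uint8_t *pbBuf  = pIoMemCtx->pbBuf;
    size_t   cbData = RT_MIN(*pcbData, pIoMemCtx->cbBufLeft);

    /*
     * Without a buffer there is nothing to hand out.  Report zero bytes
     * explicitly so that a segment with a NULL pvSeg and a non-zero cbSeg
     * cannot be returned as a NULL pointer paired with a non-zero length,
     * which the copy helpers would pass straight to memcpy().
     */
    if (RT_UNLIKELY(!pbBuf))
    {
        *pcbData = 0;
        return NULL;
    }

    if (cbData)
    {
        pIoMemCtx->cbBufLeft -= cbData;

        if (pIoMemCtx->cbBufLeft)
        {
            /* Still inside the current segment, just move the cursor. */
            pIoMemCtx->pbBuf += cbData;
        }
        else
        {
            /* Current segment is used up, advance to the next one. */
            pIoMemCtx->iSegIdx++;

            /* '>=' rather than '==' so an out-of-range index can never be used. */
            if (RT_UNLIKELY(pIoMemCtx->iSegIdx >= pIoMemCtx->cSegments))
            {
                /* That was the last segment: enter the exhausted state. */
                pIoMemCtx->cbBufLeft = 0;
                pIoMemCtx->pbBuf     = NULL;
            }
            else
            {
                pIoMemCtx->pbBuf     = (uint8_t *)pIoMemCtx->paDataSeg[pIoMemCtx->iSegIdx].pvSeg;
                pIoMemCtx->cbBufLeft = pIoMemCtx->paDataSeg[pIoMemCtx->iSegIdx].cbSeg;
            }
        }
    }

    *pcbData = cbData;
    return pbBuf;
}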
80
81
/**
 * Copies data from a flat buffer into the S/G buffer described by the context.
 *
 * The copy proceeds chunk by chunk, using vscsiIoMemCtxGetBuffer() to obtain
 * each destination chunk, and stops early when that function reports that no
 * more bytes are available.
 *
 * @returns Number of bytes actually copied (at most cbData).
 * @param   pIoMemCtx   The I/O memory context to copy into.
 * @param   pbData      The source buffer.
 * @param   cbData      Number of bytes to copy from pbData.
 */
size_t vscsiCopyToIoMemCtx(PVSCSIIOMEMCTX pIoMemCtx, uint8_t *pbData, size_t cbData)
{
    size_t cbDone = 0;

    while (cbDone < cbData)
    {
        /* Ask for everything that is still outstanding; the callee caps it. */
        size_t   cbChunk = cbData - cbDone;
        uint8_t *pbDst   = vscsiIoMemCtxGetBuffer(pIoMemCtx, &cbChunk);

        /* Zero bytes back means the S/G buffer cannot take any more data. */
        if (!cbChunk)
            break;

        memcpy(pbDst, pbData + cbDone, cbChunk);
        cbDone += cbChunk;
    }

    return cbDone;
}
102
103
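/**
 * Copies data from the S/G buffer described by the context into a flat buffer.
 *
 * The copy proceeds chunk by chunk, using vscsiIoMemCtxGetBuffer() to obtain
 * each source chunk, and stops early when that function reports that no more
 * bytes are available.
 *
 * @returns Number of bytes actually copied (at most cbData).
 * @param   pIoMemCtx   The I/O memory context to copy from.
 * @param   pbData      The destination buffer, at least cbData bytes large.
 * @param   cbData      Number of bytes to copy into pbData.
 */
size_t vscsiCopyFromIoMemCtx(PVSCSIIOMEMCTX pIoMemCtx, uint8_t *pbData, size_t cbData)
{
    /*
     * cbLeft is the running remainder; cbData must stay at the requested
     * size so that 'cbData - cbLeft' below is the number of bytes copied.
     * Decrementing cbData instead of cbLeft makes that unsigned subtraction
     * wrap around to a huge value for every non-empty transfer.
     */
    size_t cbLeft = cbData;

    while (cbLeft)
    {
        /* Ask for everything that is still outstanding; the callee caps it. */
        size_t   cbCopy = cbLeft;
        uint8_t *pbBuf  = vscsiIoMemCtxGetBuffer(pIoMemCtx, &cbCopy);

        /* Zero bytes back means the S/G buffer has no more data. */
        if (!cbCopy)
            break;

        memcpy(pbData, pbBuf, cbCopy);

        cbLeft -= cbCopy;
        pbData += cbCopy;
    }

    return cbData - cbLeft;
}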
124