Changeset 104256 in vbox

Timestamp:

Apr 9, 2024 3:14:23 PM (8 months ago)

Author:

vboxsync

Message:

VMM/PGM: Initialize the return buffer before calling pfnHandler in pgmPhysReadHandler() if the caller is a device. bugref:10651

File:

trunk/src/VBox/VMM/VMMAll/PGMAllPhys.cpp

-              r103374
+              r104256
             /* Release the PGM lock as MMIO handlers take the IOM lock. (deadlock prevention) */
             PGM_UNLOCK(pVM);
+            /* If the access origins with a device, make sure the buffer is initialized
+               as a guard against leaking heap, stack and other info via badly written
+               MMIO handling. @bugref{10651} */
+            if (enmOrigin == PGMACCESSORIGIN_DEVICE)
+                memset(pvBuf, 0xff, cb);
             rcStrict = pfnHandler(pVM, pVCpu, GCPhys, (void *)pvSrc, pvBuf, cb, PGMACCESSTYPE_READ, enmOrigin, uUser);
             PGM_LOCK_VOID(pVM);

Note: See TracChangeset for help on using the changeset viewer.