Changeset 81845 in vbox

Timestamp:

Nov 14, 2019 6:27:56 PM (5 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

134639

Message:

DevATA: Be paranoid about the I/O buffer accesses. [fixes] bugref:9218

File:

• trunk/src/VBox/Devices/Storage/DevATA.cpp (modified) (3 diffs)

trunk/src/VBox/Devices/Storage/DevATA.cpp

@@ -1655 +1655 @@
     uint32_t cbToRead = cSectors * cbSector;
     Assert(pvBuf == &s->abIOBuffer[0]);
-    AssertReturn(cbToRead <= sizeof(s->abIOBuffer), VERR_BUFFER_OVERFLOW);
+    AssertReturnStmt(cbToRead <= sizeof(s->abIOBuffer), *pfRedo = false, VERR_BUFFER_OVERFLOW);
 
     ataR3LockLeave(pCtl);
@@ -1687 +1687 @@
     uint32_t cbToWrite = cSectors * cbSector;
     Assert(pvBuf == &s->abIOBuffer[0]);
-    AssertReturn(cbToWrite <= sizeof(s->abIOBuffer), VERR_BUFFER_OVERFLOW);
+    AssertReturnStmt(cbToWrite <= sizeof(s->abIOBuffer), *pfRedo = false, VERR_BUFFER_OVERFLOW);
 
     ataR3LockLeave(pCtl);
@@ -2143 +2143 @@
                     break;
             }
-            AssertLogRelReturn(pbBuf - &s->abIOBuffer[0] + cbCurrTX <= sizeof(s->abIOBuffer), false);
+            AssertLogRelReturn((uintptr_t)(pbBuf - &s->abIOBuffer[0]) + cbCurrTX <= sizeof(s->abIOBuffer), false);
             rc = s->pDrvMedia->pfnSendCmd(s->pDrvMedia, aATAPICmd, ATAPI_PACKET_SIZE, (PDMMEDIATXDIR)s->uTxDir,
                                           pbBuf, &cbCurrTX, abATAPISense, sizeof(abATAPISense), 30000 /**< @todo timeout */);