Changeset 83492 in vbox for trunk/src/VBox/Devices/Storage

Timestamp:

Mar 31, 2020 3:41:14 AM (5 years ago)

Author:

vboxsync

Message:

Storage/DevVirtioSCSI.cpp Add bounds checks for data read back from saved SSM state

File:

• trunk/src/VBox/Devices/Storage/DevVirtioSCSI.cpp (modified) (2 diffs)

trunk/src/VBox/Devices/Storage/DevVirtioSCSI.cpp

@@ -2010 +2010 @@
         uint16_t cReqsRedo;
         pHlp->pfnSSMGetU16(pSSM, &cReqsRedo);
+        if (cReqsRedo >= VIRTQ_MAX_SIZE)
+        {
+            LogFunc(("Bad count of I/O transactions to re-do in SSM state data. Skipping\n"));
+            continue;
+        }
 
         for (uint16_t qIdx = VIRTQ_REQ_BASE; qIdx < VIRTIOSCSI_QUEUE_CNT; qIdx++)
@@ -2024 +2029 @@
             pHlp->pfnSSMGetU16(pSSM, &uHeadIdx);
 
+            if (qIdx >= VIRTIOSCSI_QUEUE_CNT)
+            {
+                LogFunc(("Bad queue index in SSM state data. Skipping\n"));
+                continue;
+            }
+            if (uHeadIdx >= VIRTQ_MAX_SIZE)
+            {
+                LogFunc(("Bad queue elem index in SSM state data. Skipping\n"));
+                continue;
+            }
             PVIRTIOSCSIWORKERR3 pWorkerR3 = &pThisCC->aWorkers[qIdx];
             pWorkerR3->auRedoDescs[pWorkerR3->cRedoDescs++] = uHeadIdx;