From: Ronnie Sahlberg
Date: Thu, 12 Jul 2012 16:52:46 +1000
Message-Id: <1342075967-26378-1-git-send-email-ronniesahlberg@gmail.com>
Subject: [Qemu-devel] [PATCH] SCSI improved LBA-out-of-range checks
To: pbonzini@redhat.com, qemu-devel@nongnu.org

Paolo, List

Please find a small patch to the scsi emulation.
This patch improves the checking that the requested lbas are all available.

We check both that lba+len is not going past the end of the device but also if lba+len < lba

This second condition could occur for deviously crafted scsi packets where lba is set to 0xffffffffffffffff and len is set to 2 in which case lba+len would wrap to 1
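
The two conditions described in the message, as an added C example that is neither the patch nor QEMU code. The function names, the `nb_sectors` parameter and the request values are assumptions constructed for illustration; the third function goes slightly beyond the message by showing an equivalent check that never forms a sum that can wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* nb_sectors (assumed name): number of addressable blocks on the device. */

/* End-of-device test only: the unsigned sum can wrap and pass. */
static bool lba_range_ok_naive(uint64_t lba, uint64_t len, uint64_t nb_sectors)
{
    return lba + len <= nb_sectors;
}

/* Both conditions from the message: reject a wrapped sum (lba+len < lba),
 * then reject a request that runs past the end of the device. */
static bool lba_range_ok_checked(uint64_t lba, uint64_t len, uint64_t nb_sectors)
{
    uint64_t end = lba + len;   /* unsigned wrap-around is well defined in C */

    if (end < lba) {
        return false;
    }
    return end <= nb_sectors;
}

/* Equivalent form that never computes a sum that could wrap. */
static bool lba_range_ok_nowrap(uint64_t lba, uint64_t len, uint64_t nb_sectors)
{
    return lba <= nb_sectors && len <= nb_sectors - lba;
}

int main(void)
{
    /* Constructed requests against a constructed 2048-block device. */
    const uint64_t nb = 2048;
    const struct { uint64_t lba, len; } req[] = {
        { 0, 8 }, { 2040, 8 }, { 2040, 9 }, { UINT64_MAX, 2 },
    };

    for (size_t i = 0; i < sizeof(req) / sizeof(req[0]); i++) {
        printf("lba=%#llx len=%llu naive=%d checked=%d nowrap=%d\n",
               (unsigned long long)req[i].lba, (unsigned long long)req[i].len,
               lba_range_ok_naive(req[i].lba, req[i].len, nb),
               lba_range_ok_checked(req[i].lba, req[i].len, nb),
               lba_range_ok_nowrap(req[i].lba, req[i].len, nb));
    }
    return 0;
}
```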