Commit a56d305a authored Jan 25, 2013 by Peter Crosthwaite Committed by Edgar E. Iglesias Jan 27, 2013

m25p80.c: Return state to IDLE after COLLECTING

Default to moving back to the IDLE state after the COLLECTING_DATA
state. For a well behaved guest this patch has no consequence, but
A bad guest could crash QEMU by using one of the erase commands
followed by a longer than 5 byte argument (undefined behaviour).

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

parent 2f991adb

hw/m25p80.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -358,6 +358,8 @@ static void complete_collecting_data(Flash *s)
		s->cur_addr \|= s->data[1] << 8;
		s->cur_addr \|= s->data[2];

		s->state = STATE_IDLE;

		switch (s->cmd_in_progress) {
		case DPP:
		case QPP: