xemu/include
Zheyu Ma 87511bb878 hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass
ASan detected a global-buffer-overflow error in the aspeed_gpio_read()
function. This issue occurred when reading beyond the bounds of the
reg_table.

To enhance the safety and maintainability of the Aspeed GPIO code, this commit
introduces a reg_table_count member to the AspeedGPIOClass structure. This
change ensures that the size of the GPIO register table is explicitly tracked
and initialized, reducing the risk of errors if new register tables are
introduced in the future.

Reproducer:
cat << EOF | qemu-system-aarch64 -display none \
    -machine accel=qtest, -m 512M -machine ast1030-evb -qtest stdio
readq 0x7e780272
EOF

ASAN log indicating the issue:
==2602930==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a5da29e128 at pc 0x55a5d700dc62 bp 0x7fff096c4e90 sp 0x7fff096c4e88
READ of size 2 at 0x55a5da29e128 thread T0
    #0 0x55a5d700dc61 in aspeed_gpio_read hw/gpio/aspeed_gpio.c:564:14
    #1 0x55a5d933f3ab in memory_region_read_accessor system/memory.c:445:11
    #2 0x55a5d92fba40 in access_with_adjusted_size system/memory.c:573:18
    #3 0x55a5d92f842c in memory_region_dispatch_read1 system/memory.c:1426:16
    #4 0x55a5d92f7b68 in memory_region_dispatch_read system/memory.c:1459:9
    #5 0x55a5d9376ad1 in flatview_read_continue_step system/physmem.c:2836:18
    #6 0x55a5d9376399 in flatview_read_continue system/physmem.c:2877:19
    #7 0x55a5d93775b8 in flatview_read system/physmem.c:2907:12

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2355
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
2024-07-02 07:52:43 +02:00
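The bug pattern the commit describes, an MMIO read handler that turns a guest offset into a table index without comparing it against an explicitly tracked table size, is easy to reproduce in miniature. The following is an added example written for this page, not QEMU's hw/gpio/aspeed_gpio.c: the GpioClass/GpioState types, the four-entry register table, the register values and the helper names are all constructed assumptions, and the low bits of the reproducer's address (0x272) are used here as a device-relative offset purely for illustration. It shows the unchecked read beside the checked one that keeps a reg_table_count next to the table and rejects any index at or past it.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Register roles a table entry can map to (assumed names). */
enum { REG_DATA = 0, REG_DIR = 1 };

typedef struct {
    int set_idx;   /* which GPIO set this register belongs to */
    int role;      /* REG_DATA or REG_DIR */
} GpioRegister;

/* Per-set runtime state (constructed for the example). */
typedef struct {
    uint32_t data;
    uint32_t dir;
} GpioSetState;

#define NUM_SETS 2

/* The class carries the table AND its length, initialised together so the
 * two cannot drift apart when a new table is added. */
typedef struct {
    const GpioRegister *reg_table;
    size_t reg_table_count;
} GpioClass;

typedef struct {
    const GpioClass *cls;
    GpioSetState sets[NUM_SETS];
} GpioState;

/* Constructed 4-entry table: offsets 0x00..0x0c have entries; anything past
 * that has none, even though the MMIO window a guest can touch may be much
 * larger than the table describing it. */
static const GpioRegister example_table[] = {
    { 0, REG_DATA }, { 0, REG_DIR }, { 1, REG_DATA }, { 1, REG_DIR },
};

static const GpioClass example_class = {
    .reg_table = example_table,
    .reg_table_count = sizeof(example_table) / sizeof(example_table[0]),
};

static uint32_t fetch(const GpioState *s, const GpioRegister *r)
{
    const GpioSetState *set = &s->sets[r->set_idx];
    return r->role == REG_DATA ? set->data : set->dir;
}

/* Before: the index derived from the guest offset is used directly. A read
 * anywhere in the window past the last entry walks off the end of
 * reg_table, which is the global-buffer-overflow ASan reports. Only call
 * this with in-bounds offsets; it is here to show the missing check. */
static uint32_t gpio_read_unchecked(const GpioState *s, uint64_t offset)
{
    size_t idx = offset >> 2;
    return fetch(s, &s->cls->reg_table[idx]);   /* no bound on idx */
}

/* After: compare the index against reg_table_count before dereferencing.
 * An offset with no register reports the access and reads as 0. */
static uint32_t gpio_read_checked(const GpioState *s, uint64_t offset, bool *ok)
{
    size_t idx = offset >> 2;
    const GpioClass *c = s->cls;

    if (idx >= c->reg_table_count) {
        fprintf(stderr, "gpio: no register at offset 0x%" PRIx64 "\n", offset);
        *ok = false;
        return 0;
    }
    *ok = true;
    return fetch(s, &c->reg_table[idx]);
}

static GpioState make_state(void)
{
    GpioState s = { .cls = &example_class };
    s.sets[0].data = 0xAAAA0001u; s.sets[0].dir = 0x0000FFFFu;
    s.sets[1].data = 0xBBBB0002u; s.sets[1].dir = 0xFFFF0000u;
    return s;
}

/* Convenience wrappers over the constructed state, one result per offset. */
static bool demo_offset_valid(uint64_t offset)
{
    return (offset >> 2) < example_class.reg_table_count;
}

static uint32_t demo_read(uint64_t offset)
{
    GpioState s = make_state();
    bool ok;
    return gpio_read_checked(&s, offset, &ok);
}

static uint32_t demo_read_unchecked_inbounds(uint64_t offset)
{
    GpioState s = make_state();
    return gpio_read_unchecked(&s, offset);
}

int main(void)
{
    const uint64_t offsets[] = { 0x0, 0xc, 0x272 };   /* 0x272: far past the table */
    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        printf("offset 0x%03" PRIx64 ": %s, value 0x%08" PRIx32 "\n", offsets[i],
               demo_offset_valid(offsets[i]) ? "ok" : "rejected", demo_read(offsets[i]));
    }
    return 0;
}
```

Under ASan the unchecked variant, given 0x272, computes index 0x9c and reads 156 entries past a 4-entry table, which is the same class of error as in the log above; the checked variant rejects it before any dereference. The check lives next to the class's own count rather than a hard-coded constant, so a table added later only has to initialise both fields.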
Name              Last change                 Last commit
authz             2021-01-29 17:07:53 +00:00  Prefer 'on' | 'off' over 'yes' | 'no' for bool options
block             2024-06-28 14:44:51 +02:00  block: remove separate bdrv_file_open callback
chardev           2024-01-12 13:23:48 +00:00  chardev: use bool for fe_is_open
crypto            2024-06-10 11:05:43 +02:00  crypto/block: drop qcrypto_block_open() n_threads argument
disas             2024-05-15 08:55:19 +02:00  disas: Use translator_st to get disassembly data
exec              2024-06-28 14:44:51 +02:00  exec: don't use void* in pointer arithmetic in headers
fpu               2023-09-16 14:57:15 +00:00  fpu: Add conversions between bfloat16 and [u]int8
gdbstub           2024-06-24 10:14:17 +01:00  gdbstub: move enums into separate header
hw                2024-07-02 07:52:43 +02:00  hw/gpio/aspeed: Add reg_table_count to AspeedGPIOClass
io                2024-03-12 15:22:23 -04:00  io: Introduce qio_channel_file_new_dupfd
libdecnumber      2022-04-06 10:50:37 +02:00  Replace config-time define HOST_WORDS_BIGENDIAN
migration         2024-06-21 14:37:58 -03:00  migration: Remove unused VMSTATE_ARRAY_TEST() macro
monitor           2024-06-30 19:51:44 +03:00  monitor: Remove obsolete stubs
net               2024-06-04 15:14:26 +08:00  net: Remove receive_raw()
qapi              2024-06-28 14:44:52 +02:00  include: move typeof_strip_qual to compiler.h, use it in QAPI_LIST_LENGTH()
qemu              2024-06-28 14:44:52 +02:00  include: move typeof_strip_qual to compiler.h, use it in QAPI_LIST_LENGTH()
qom               2024-02-27 13:01:42 +00:00  include/qom/object.h: New OBJECT_DEFINE_SIMPLE_TYPE{, _WITH_INTERFACES} macros
scsi              2023-09-07 14:01:29 -04:00  hw/ufs: Support for UFS logical unit
semihosting       2024-05-06 11:17:15 +02:00  exec/cpu: Extract page-protection definitions to page-protection.h
standard-headers  2024-06-05 11:01:06 +02:00  update-linux-headers: import linux/kvm_para.h header
sysemu            2024-06-24 21:30:34 -07:00  vfio queue:
tcg               2024-05-22 19:05:21 -07:00  tcg: Introduce TCG_TARGET_HAS_tst_vec
ui                2024-06-19 12:42:03 +02:00  ui+display: rename is_buffer_shared() -> surface_is_allocated()
user              2024-05-03 17:21:20 +02:00  user: Move 'thunk.h' from 'exec/user' to 'user'
elf.h             2023-08-31 19:47:43 +02:00  util: spelling fixes
glib-compat.h     2024-05-14 12:46:24 +02:00  Bump minimum glib version to v2.66
qemu-io.h         2019-06-12 13:20:20 +02:00  Include qemu-common.h exactly where needed
qemu-main.h       2022-09-23 14:36:33 +02:00  ui/cocoa: Run qemu_init in the main thread