| commit | 34bc07c5282a631c2663ae1ded0a186f46f64612 | |
| author | Sebastian Krahmer <krahmer@suse.de> | |
| Mon, 15 Sep 2014 16:40:07 +0000 (15 18:40 +0200) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Fri, 31 Oct 2014 16:02:07 +0000 (31 17:02 +0100) | ||
| tree | d1f353ba01de082bd983f54206f449ae7c657271 | treesnapshot (tar.gz zip) |
| parent | 363ba1c72fed4425e7917afc36722584aaeaad8a | commitdiff |
ivshmem: Fix potential OOB r/w access
Fix OOB access via malformed incoming_posn parameters
and check that requested memory is actually alloc'ed.
Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
[AF: Rebased, cleanups, avoid fd leak]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fix OOB access via malformed incoming_posn parameters
and check that requested memory is actually alloc'ed.
Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
[AF: Rebased, cleanups, avoid fd leak]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/misc/ivshmem.c | diffblobblamehistory |