| commit | 5193be3be35f29a35bc465036cd64ad60d43385f | |
| author | Michael S. Tsirkin <mst@redhat.com> | |
| Thu, 3 Apr 2014 16:52:09 +0000 (3 19:52 +0300) | ||
| committer | Juan Quintela <quintela@redhat.com> | |
| Mon, 5 May 2014 20:15:02 +0000 (5 22:15 +0200) | ||
| tree | 953551d2084760ed33b61ffa6b306d2dc214c172 | treesnapshot (tar.gz zip) |
| parent | ead7a57df37d2187813a121308213f41591bd811 | commitdiff |
tsc210x: fix buffer overrun on invalid state load
CVE-2013-4539
s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.
Validate after load to avoid buffer overrun.
Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
CVE-2013-4539
s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.
Validate after load to avoid buffer overrun.
Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
| hw/input/tsc210x.c | diffblobblamehistory |