| commit | 9f91022f28dc092e3b3250823814e4b3191c51ed | |
| author | linzhecheng <linzhecheng@huawei.com> | |
| Wed, 28 Mar 2018 13:34:35 +0000 (28 21:34 +0800) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Mon, 9 Apr 2018 14:36:39 +0000 (9 16:36 +0200) | ||
| tree | 6caed76477a613e83385178fba166a8ea26eb33f | treesnapshot (tar.gz zip) |
| parent | c2b01cfec1f1426d95c27abacc3ea5b5fbb9a57e | commitdiff |
virtio-serial: fix heapover-flow
Check device having the feature of VIRTIO_CONSOLE_F_EMERG_WRITE before
get config->emerg_wr. It is neccessary because sizeof(virtio_console_config)
is 8 byte if VirtIOSerial doesn't have the feature of
VIRTIO_CONSOLE_F_EMERG_WRITE(see virtio_serial_device_realize),
read/write emerg_wr will lead to heap-over-flow.
Signed-off-by: linzhecheng <linzhecheng@huawei.com>
Message-Id: <20180328133435.20112-1-linzhecheng@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Check device having the feature of VIRTIO_CONSOLE_F_EMERG_WRITE before
get config->emerg_wr. It is neccessary because sizeof(virtio_console_config)
is 8 byte if VirtIOSerial doesn't have the feature of
VIRTIO_CONSOLE_F_EMERG_WRITE(see virtio_serial_device_realize),
read/write emerg_wr will lead to heap-over-flow.
Signed-off-by: linzhecheng <linzhecheng@huawei.com>
Message-Id: <20180328133435.20112-1-linzhecheng@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| hw/char/virtio-serial-bus.c | diffblobblamehistory |