| commit | a08aaff811fb194950f79711d2afe5a892ae03a4 | |
| author | Gonglei <arei.gonglei@huawei.com> | |
| Tue, 3 Jan 2017 06:50:03 +0000 (3 14:50 +0800) | ||
| committer | Michael S. Tsirkin <mst@redhat.com> | |
| Tue, 10 Jan 2017 03:56:58 +0000 (10 05:56 +0200) | ||
| tree | 4e7cc30b7d82c0494e7ae3dfdde88b69be332736 | treesnapshot (tar.gz zip) |
| parent | 8cdcf3c1e58d04b6811956d7608efeb66c42d719 | commitdiff |
virtio-crypto: fix possible integer and heap overflow
Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.
Using uint_64 instead of size_t to avoid the integer overflow.
Cc: qemu-stable@nongnu.org
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.
Using uint_64 instead of size_t to avoid the integer overflow.
Cc: qemu-stable@nongnu.org
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| hw/virtio/virtio-crypto.c | diffblobblamehistory |