| commit | d8d0a0bc7e194300e53a346d25fe5724fd588387 | |
| author | Michael S. Tsirkin <mst@redhat.com> | |
| Thu, 3 Apr 2014 16:51:35 +0000 (3 19:51 +0300) | ||
| committer | Juan Quintela <quintela@redhat.com> | |
| Mon, 5 May 2014 20:15:02 +0000 (5 22:15 +0200) | ||
| tree | bd483570cd987b5157c25fde9c93dc34f76fd9a6 | treesnapshot (tar.gz zip) |
| parent | 5f691ff91d323b6f97c6600405a7f9dc115a0ad1 | commitdiff |
pl022: fix buffer overun on invalid state load
CVE-2013-4530
pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference array.
Reported-by: Michael S. Tsirkin <mst@redhat.com
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
CVE-2013-4530
pl022.c did not bounds check tx_fifo_head and
rx_fifo_head after loading them from file and
before they are used to dereference array.
Reported-by: Michael S. Tsirkin <mst@redhat.com
Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
| hw/ssi/pl022.c | diffblobblamehistory |