qemu-irix/hw/block
Petr Matousek 959fad0ff1 fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit e907746266)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-07-28 18:26:06 -05:00
dataplane virtio-blk: correctly dirty guest memory 2015-04-08 10:39:18 +01:00
Makefile.objs block: Always compile virtio-blk dataplane 2014-09-22 11:39:51 +01:00
block.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
cdrom.c bswap.h: Remove cpu_to_be32wu() 2013-11-05 19:57:47 -08:00
ecc.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
fdc.c fdc: force the fifo access to be in bounds of the allocated buffer 2015-07-28 18:26:06 -05:00
hd-geometry.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
m25p80.c hw: Mark devices picking up block backends actively FIXME 2015-04-02 15:26:27 +02:00
nand.c block: remove superfluous '\n' around error_report/error_setg 2015-03-10 08:15:33 +03:00
nvme.c nvme: Fix unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) 2015-03-27 10:01:12 +00:00
nvme.h nvme: 64kB page size fixes 2014-12-10 10:31:16 +01:00
onenand.c onenand: g_malloc() can't fail, bury dead error handling 2015-02-10 09:27:20 +03:00
pflash_cfi01.c hw: Propagate errors through qdev_prop_set_drive() 2015-03-10 11:18:23 +01:00
pflash_cfi02.c hw: Propagate errors through qdev_prop_set_drive() 2015-03-10 11:18:23 +01:00
tc58128.c shix: Don't require firmware presence for qtest 2013-11-05 17:47:29 +01:00
virtio-blk.c virtio-blk: correctly dirty guest memory 2015-04-08 10:39:18 +01:00
xen_blkif.h xen_disk: add discard support 2014-05-07 16:18:04 +00:00
xen_disk.c block/xen: Use blk_new_open() in blk_connect() 2015-02-16 15:07:18 +00:00