falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
qemu-irix/hw/timer
History
Petr Matousek 49ef542e41 i8254: fix out-of-bounds memory access in pit_ioport_read() 
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d4862a87e3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2015-07-29 18:40:21 -05:00
..
Makefile.objs stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
a9gtimer.c Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
allwinner-a10-pit.c
arm_mptimer.c vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR* 2015-01-26 12:22:44 +01:00
arm_timer.c
cadence_ttc.c timer: cadence_ttc: Convert to instance_init 2014-06-29 18:38:40 +01:00
digic-timer.c
ds1338.c
etraxfs_timer.c
exynos4210_mct.c
exynos4210_pwm.c
exynos4210_rtc.c
grlib_gptimer.c
hpet.c vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR* 2015-01-26 12:22:44 +01:00
i8254.c i8254: fix out-of-bounds memory access in pit_ioport_read() 2015-07-29 18:40:21 -05:00
i8254_common.c savevm: Remove all the unneeded version_minimum_id_old (x86) 2014-06-16 04:55:26 +02:00
imx_epit.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
imx_gpt.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
lm32_timer.c
m48t59.c m48t59: add m48t59 sysbus device 2015-03-10 09:18:56 +00:00
mc146818rtc.c Generalize QOM publishing of date and time from mc146818rtc.c 2015-03-09 14:59:55 +01:00
milkymist-sysctl.c
omap_gptimer.c omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
omap_synctimer.c
pl031.c
puv3_ost.c
pxa2xx_timer.c
sh_timer.c
slavio_timer.c
stm32f2xx_timer.c stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
tusb6010.c hw/timer: Move extern declaration from .c to .h file 2014-08-09 00:06:32 +04:00
twl92230.c
xilinx_timer.c timer: xilinx_timer: Convert to realize() 2014-06-09 00:33:02 +02:00