falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
qemu-irix/hw/input
History
Michael S. Tsirkin 894f179e8d tsc210x: fix buffer overrun on invalid state load 
CVE-2013-4539

s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.

Validate after load to avoid buffer overrun.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 5193be3be3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2014-07-20 22:05:55 -05:00
..
Makefile.objs hw: move timer devices to hw/timer/, configure with default-configs/ 2013-04-08 18:13:14 +02:00
adb.c
hid.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
lm832x.c lm832x: QOM'ify 2014-02-14 16:22:32 +01:00
milkymist-softusb.c milkymist-softusb: QOM cast cleanup 2013-07-29 21:06:57 +02:00
pckbd.c pckbd: return 'keyboard enabled' on read input port command 2014-03-09 21:09:38 +02:00
pl050.c pl050: QOM'ify pl050_keyboard and pl050_mouse 2013-07-29 21:06:57 +02:00
ps2.c
pxa2xx_keypad.c pxa27x: Add 'const' attribute to keyboard maps 2014-01-01 18:03:55 +04:00
stellaris_input.c arm: fix location of some include files 2013-04-15 15:16:01 +02:00
tsc210x.c tsc210x: fix buffer overrun on invalid state load 2014-07-20 22:05:55 -05:00
tsc2005.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
vmmouse.c isa: Clean up use of cannot_instantiate_with_device_add_yet 2013-12-23 00:27:23 +01:00