qemu-irix/hw
Petr Matousek 959fad0ff1 fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit e907746266)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-07-28 18:26:06 -05:00
9pfs 9pfs: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
acpi acpi: Add missing GCC_FMT_ATTR to local function 2015-03-25 13:39:24 +01:00
alpha alpha: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-04-10 14:15:18 +01:00
arm arm: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-04-08 17:30:36 +01:00
audio pcspk: Fix I/O port name 2015-04-04 09:45:59 +03:00
block fdc: force the fifo access to be in bounds of the allocated buffer 2015-07-28 18:26:06 -05:00
bt bt-sdp: fix broken uuids power-of-2 calculation 2015-07-28 17:46:44 -05:00
char sysbus: Make devices picking up backends unavailable with -device 2015-04-02 15:30:44 +02:00
core powerpc: fix -machine usb=no for newworld and pseries machines 2015-03-25 22:49:47 +01:00
cpu icc_bus: fix typo ICC_BRIGDE -> ICC_BRIDGE 2014-11-03 19:51:56 +03:00
cris cris: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-04-11 20:03:57 +10:00
display Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
dma omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
gpio omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
i2c pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
i386 pc: acpi: fix pvpanic regression 2015-04-01 10:06:38 +02:00
ide AHCI: Protect cmd register 2015-03-27 15:48:11 -04:00
input adb.c: include ADBDevice parent state in KBDState and MouseState 2015-03-09 15:00:04 +01:00
intc target-i386: clear bsp bit when designating bsp 2015-04-02 15:57:27 +02:00
ipack pci: Trivial device model conversions to realize 2015-02-26 12:42:16 +01:00
isa hw: Mark devices picking up char backends actively FIXME 2015-04-02 15:30:28 +02:00
lm32 lm32: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-04-10 14:12:20 +01:00
m68k m68k: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-03-25 14:35:24 +01:00
mem pc-dimm: Add description for device list. 2015-03-19 11:17:36 +03:00
microblaze Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
mips mips: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-03-25 14:35:31 +01:00
misc omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
moxie memory: add parameter errp to memory_region_init_ram 2014-09-09 13:41:43 +02:00
net virtio-net: fix the upper bound when trying to delete queues 2015-07-28 18:22:35 -05:00
nvram fw_cfg: factor out initialization of FW_CFG_ID (rev. number) 2015-03-25 13:37:10 +01:00
openrisc hw/core/loader: implement address translation in uimage loader 2014-11-03 00:59:10 +03:00
pci pci: Fix crash with illegal "-net nic, model=xxx" option 2015-04-13 12:11:44 +01:00
pci-bridge pci, pc, virtio fixes and cleanups 2015-03-09 09:14:28 +00:00
pci-host mips: fix broken fulong2e machine 2015-04-17 12:11:48 +01:00
pcmcia hmp: Remove "info pcmcia" 2014-10-24 12:19:11 +01:00
ppc Bugfixes and making SCSI adapters IOMMU-friendly. 2015-03-26 17:33:35 +00:00
s390x s390x/ipl: avoid sign extension 2015-03-30 09:25:17 +02:00
scsi virtio-scsi-dataplane: fix memory leak for VirtIOSCSIVring 2015-03-26 14:23:16 +01:00
sd sysbus: Make devices picking up backends unavailable with -device 2015-04-02 15:30:44 +02:00
sh4 r2d: Don't use legacy -usbdevice support for setting up board 2015-02-18 10:53:10 +01:00
sparc sparc: memory: Replace memory_region_init_ram with memory_region_allocate_system_memory 2015-03-25 14:36:14 +01:00
sparc64 fw_cfg: factor out initialization of FW_CFG_ID (rev. number) 2015-03-25 13:37:10 +01:00
ssi omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
timer Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
tpm Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
tricore target-tricore: check return value before using it 2014-11-02 10:04:34 +03:00
unicore32 unicore32: Use uc32_cpu_init() 2015-03-10 17:07:28 +01:00
usb usb: fix usb-net segfault 2015-07-28 18:20:04 -05:00
vfio vfio: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
virtio vhost: fix log base address 2015-04-20 09:27:01 +01:00
watchdog i6300esb: Fix signed integer overflow 2015-03-25 13:38:05 +01:00
xen xen: limit guest control of PCI command register 2015-04-09 23:37:21 +01:00
xenpv hw: Convert from BlockDriverState to BlockBackend, mostly 2014-10-20 14:02:25 +02:00
xtensa xtensa: Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
Makefile.objs vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00