fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.
Fix this by making sure that the index is always bounded by the
allocated memory.
This is XSA-133 / CVE-2015-3456.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
(cherry picked from commit
4de1422ea306832b6ef2cba34e9febb73dd139a7)
(cherry picked from commit
e42b84cf1c524d017208b981c7749dc5945dda72)
(cherry picked from commit
c8c6ba08684f2fb8600df479b49c5511d6fed41a)
(cherry picked from commit
c545d0dfcc5ab5e69d0eabc14ec101293236055c)
projects / qemu-xen-4.2-testing.git / commit