xenbits.xensource.com Git - qemu-upstream-4.3-testing.git/commit
hpet: fix buffer overrun on invalid state load
author Michael S. Tsirkin <mst@redhat.com>
Wed, 4 Mar 2015 16:39:58 +0000 (16:39 +0000)
committer Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Thu, 5 Mar 2015 13:14:56 +0000 (13:14 +0000)
commit 857f258638f48ae390e98e9d161b402a86956459
tree e6ca7cae49cda21214b60178e1db2dab6dfb39fe
parent 9b3d3a82d60e3834d7718508ae85cc7fe525ef14
hpet: fix buffer overrun on invalid state load

CVE-2013-4527 hw/timer/hpet.c buffer overrun

hpet is a VARRAY with a uint8 size but static array of 32

To fix, make sure num_timers is valid using VMSTATE_VALID hook.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
hw/hpet.c
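
The pattern the commit message describes, as an added example that is not QEMU's code and not part of this commit: a state loader reads an 8-bit element count from a saved stream and checks it against the 32-entry static array before copying any elements. The struct layout, stream format and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_TIMERS 32   /* size of the static array, per the commit message */

struct timer_state { uint64_t cmp; uint64_t period; };   /* hypothetical fields */

struct dev_state {
    uint8_t num_timers;                     /* 8-bit count taken from the stream */
    struct timer_state timer[MAX_TIMERS];
};

/* Validity check: a uint8 can hold 0..255, the array only holds MAX_TIMERS. */
static int num_timers_valid(uint8_t n)
{
    return n <= MAX_TIMERS;
}

/*
 * Load state from buf: one count byte followed by `count` fixed-size entries.
 * Returns 0 on success, -1 on an invalid or truncated stream. The destination
 * is left untouched on failure.
 */
int load_state(struct dev_state *s, const uint8_t *buf, size_t len)
{
    if (len < 1)
        return -1;
    uint8_t n = buf[0];
    if (!num_timers_valid(n))
        return -1;          /* without this check up to 255 entries are copied */
    size_t need = (size_t)n * sizeof(struct timer_state);
    if (len - 1 < need)
        return -1;          /* stream is shorter than the count claims */
    memcpy(s->timer, buf + 1, need);
    s->num_timers = n;
    return 0;
}

int main(void)
{
    static uint8_t stream[1 + 255 * sizeof(struct timer_state)]; /* constructed input */
    struct dev_state s = {0};
    stream[0] = 32;
    int ok = load_state(&s, stream, sizeof stream);
    stream[0] = 255;        /* count larger than the static array */
    int bad = load_state(&s, stream, sizeof stream);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```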