xenbits.xensource.com Git - qemu-upstream-4.4-testing.git/commit
ahci: fix buffer overrun on invalid state load
author Michael S. Tsirkin <mst@redhat.com>
Thu, 3 Apr 2014 16:51:18 +0000 (19:51 +0300)
committer Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Wed, 4 Mar 2015 16:31:18 +0000 (16:31 +0000)
commit ae056609dde45499b937b5bd542de9b206a4cc8a
tree 3fcd6ff5ff645831c987e529008304630eb9f290
parent dee7babbcc9277a63c1aa0cfd6424e6464a30b3a
ahci: fix buffer overrun on invalid state load

CVE-2013-4526

Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded.  So
we use the old version of ports to read the array but then allow any
value for ports.  This can cause the code to overflow.

There's no reason to migrate ports - it never changes.
So just make sure it matches.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
hw/ide/ahci.c
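
The load-order problem the commit message describes, as an added example that is not taken from this commit or from QEMU's source: a hypothetical `Ctrl` device reads its array using its current count, then either overwrites the count from the stream (the "before" behaviour) or only checks that it matches. The names `Ctrl`, `load_state`, `make_stream` and `NPORTS` and the stream layout are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NPORTS 4                 /* constructed: ports the device was created with */

typedef struct {
    uint32_t port_cmd[NPORTS];   /* stands in for the per-port array (the VARRAY) */
    int32_t  ports;              /* element count; fixed at device creation */
} Ctrl;

/* Copy one 32-bit field out of the stream; -1 if the stream is too short. */
static int get32(const uint8_t **p, const uint8_t *end, void *out)
{
    if ((size_t)(end - *p) < 4) return -1;
    memcpy(out, *p, 4);
    *p += 4;
    return 0;
}

/* Assumed stream layout: the array elements (count taken from the device's
 * current `ports`), followed by the saved `ports` field itself.
 * strict == 0: the saved count overwrites s->ports without any check.
 * strict != 0: the saved count is only compared; a mismatch fails the load. */
int load_state(Ctrl *s, const uint8_t *buf, size_t len, int strict)
{
    const uint8_t *p = buf, *end = buf + len;
    int32_t saved;

    for (int32_t i = 0; i < s->ports; i++)      /* sized by the old value */
        if (get32(&p, end, &s->port_cmd[i])) return -1;
    if (get32(&p, end, &saved)) return -1;

    if (strict) return saved == s->ports ? 0 : -1;
    s->ports = saved;   /* any value accepted: later loops over ports overrun */
    return 0;
}

/* Build a constructed stream for an NPORTS device that claims `claimed` ports. */
size_t make_stream(uint8_t *buf, int32_t claimed)
{
    uint32_t cmd = 0;
    for (int i = 0; i < NPORTS; i++) memcpy(buf + 4 * i, &cmd, 4);
    memcpy(buf + 4 * NPORTS, &claimed, 4);
    return 4 * NPORTS + 4;
}
```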