]> xenbits.xensource.com Git - qemu-upstream-unstable.git/commit
projects / qemu-upstream-unstable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6a47d1e) | patch
fdc: force the fifo access to be in bounds of the allocated buffer
authorPetr Matousek <pmatouse@redhat.com>
Wed, 6 May 2015 07:48:59 +0000 (09:48 +0200)
committerStefano Stabellini <stefano.stabellini@eu.citrix.com>
Wed, 13 May 2015 14:28:25 +0000 (14:28 +0000)
commitb2da824bc5ad35fb9f1e74a203d7be96a7b0345e
tree9c0c3487c094437b2964e284c79aae8e4b7f0f5dtree
parent6a47d1ef7af7f5df35986b5084ce61a2255b649ecommit | diff
fdc: force the fifo access to be in bounds of the allocated buffer

During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
hw/block/fdc.c diff | blob | blame | history
Obsolete Upstream Qemu based repository for xen-unstable