]> xenbits.xensource.com Git - qemu-xen-4.4-testing.git/commit
projects / qemu-xen-4.4-testing.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a03c5a7) | patch
fdc: force the fifo access to be in bounds of the allocated buffer
authorPetr Matousek <pmatouse@redhat.com>
Wed, 6 May 2015 07:48:59 +0000 (09:48 +0200)
committerIan Jackson <Ian.Jackson@eu.citrix.com>
Wed, 27 May 2015 15:56:01 +0000 (16:56 +0100)
commitc8c6ba08684f2fb8600df479b49c5511d6fed41a
tree37798de60a25c607c40e268294bc697ea6735d28tree
parenta03c5a74e1774aeabcda55ecbfb2887027787755commit | diff
fdc: force the fifo access to be in bounds of the allocated buffer

During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is XSA-133 / CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
(cherry picked from commit 4de1422ea306832b6ef2cba34e9febb73dd139a7)
(cherry picked from commit e42b84cf1c524d017208b981c7749dc5945dda72)
hw/fdc.c diff | blob | history
Unnamed repository; edit this file to name it for gitweb.