xenbits.xensource.com Git - qemu-upstream-4.2-testing.git/commit
hpet: fix buffer overrun on invalid state load
author Michael S. Tsirkin <mst@redhat.com>
Wed, 4 Mar 2015 16:40:25 +0000 (16:40 +0000)
committer Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Thu, 5 Mar 2015 13:15:25 +0000 (13:15 +0000)
commit d05d97d465db38decd37b7f93013d9331fb5ed2b
tree 0729c68ada6354dee8b2cfd7cff44259481afd34
parent b1a58443260fdd2a1a50f673905f76bfbfddf72b
hpet: fix buffer overrun on invalid state load

CVE-2013-4527 hw/timer/hpet.c buffer overrun

hpet is a VARRAY with a uint8 size but static array of 32

To fix, make sure num_timers is valid using VMSTATE_VALID hook.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
hw/hpet.c
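
A simplified model of the check the commit message describes, added here as an illustration and not taken from the QEMU patch: a loader reads a uint8 element count from an untrusted state stream and rejects it before any element is written into the 32-entry array. The struct layout, the stream format and the names hpet_model_load and try_load are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TIMERS 32      /* static array size named in the commit message */
#define TIMER_REC_SIZE 8   /* constructed format: one 64-bit field per timer */

struct hpet_model {
    uint8_t  num_timers;             /* count read from the stream, 0..255 */
    uint64_t timer_cmp[MAX_TIMERS];  /* fixed backing storage */
};

/* Load a constructed stream: [count:1][count * 8 bytes]. 0 = ok, -1 = rejected. */
int hpet_model_load(struct hpet_model *s, const uint8_t *buf, size_t len)
{
    if (len < 1)
        return -1;
    uint8_t n = buf[0];
    /* Validation step: a uint8 can claim up to 255 elements, the array holds 32. */
    if (n > MAX_TIMERS)
        return -1;
    /* Also refuse a stream that is shorter than the count it claims. */
    if (len - 1 < (size_t)n * TIMER_REC_SIZE)
        return -1;
    s->num_timers = n;
    for (uint8_t i = 0; i < n; i++)
        memcpy(&s->timer_cmp[i], buf + 1 + (size_t)i * TIMER_REC_SIZE, TIMER_REC_SIZE);
    return 0;
}

/* Constructed helper: build a stream claiming n timers with `avail` payload bytes. */
int try_load(uint8_t n, size_t avail)
{
    static uint8_t buf[1 + 255 * TIMER_REC_SIZE];
    struct hpet_model s;
    if (avail > sizeof(buf) - 1)
        return -2;
    memset(buf, 0xAB, sizeof(buf));
    memset(&s, 0, sizeof(s));
    buf[0] = n;
    return hpet_model_load(&s, buf, 1 + avail);
}

int main(void)
{
    printf("count=32 -> %d\n", try_load(32, 32 * TIMER_REC_SIZE));
    printf("count=33 -> %d\n", try_load(33, 33 * TIMER_REC_SIZE));
    return 0;
}
```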