diff options
| author | Shannon Zhao | 2018-05-31 15:50:53 +0200 |
|---|---|---|
| committer | Peter Maydell | 2018-05-31 17:32:35 +0200 |
| commit | 6e3e723966197463117642d8a5fd7b4f6446e510 (patch) | |
| tree | 3fbefd8ee42e9271f2c2e0ccc1b3183c7bb5e5d1 /hw/hppa/dino.c | |
| parent | vmstate.h: Provide VMSTATE_BOOL_SUB_ARRAY (diff) | |
| download | qemu-6e3e723966197463117642d8a5fd7b4f6446e510.tar.gz qemu-6e3e723966197463117642d8a5fd7b4f6446e510.tar.xz qemu-6e3e723966197463117642d8a5fd7b4f6446e510.zip | |
ARM: ACPI: Fix use-after-free due to memory realloc
acpi_data_push uses g_array_set_size to resize the memory size. If there
is no enough contiguous memory, the address will be changed. So previous
pointer could not be used any more. It must update the pointer and use
the new one.
Also, previous codes wrongly use le32 conversion of iort->node_offset
for subsequent computations that will result incorrect value if host is
not litlle endian. So use the non-converted one instead.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 1527663951-14552-1-git-send-email-zhaoshenglong@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/hppa/dino.c')
0 files changed, 0 insertions, 0 deletions