vmstate: fix buffer overflow in target-arm/machine.c - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Michael S. Tsirkin	2014-04-03 18:51:42 +0200
committer	Juan Quintela	2014-05-05 22:15:02 +0200
commit	d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 (patch)
tree	2804cfea3f62670d6be57eb102ad929f0a843581 /hw/timer/etraxfs_timer.c
parent	pl022: fix buffer overun on invalid state load (diff)
download	qemu-d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62.tar.gz qemu-d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62.tar.xz qemu-d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62.zip

vmstate: fix buffer overflow in target-arm/machine.c

CVE-2013-4531 cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for cpreg_vmstate_array_len will cause a buffer overflow. VMSTATE_INT32_LE was supposed to protect against this but doesn't because it doesn't validate that input is non-negative. Fix this macro to valide the value appropriately. The only other user of VMSTATE_INT32_LE doesn't ever use negative numbers so it doesn't care. Reported-by: Anthony Liguori <anthony@codemonkey.ws> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>

Diffstat (limited to 'hw/timer/etraxfs_timer.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: