vmw_pvscsi: check page count while initialising descriptor rings - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Prasad J Pandit	2016-08-31 08:49:29 +0200
committer	Paolo Bonzini	2016-09-13 19:08:46 +0200
commit	7f61f4690dd153be98900a2a508b88989e692753 (patch)
tree	22d6c3e4fd3a9aa96fddc028633690fd5f196e9b /scripts/switch-timer-api
parent	scsi-disk: change disk serial length from 20 to 36 (diff)
download	qemu-7f61f4690dd153be98900a2a508b88989e692753.tar.gz qemu-7f61f4690dd153be98900a2a508b88989e692753.tar.xz qemu-7f61f4690dd153be98900a2a508b88989e692753.zip

vmw_pvscsi: check page count while initialising descriptor rings

Vmware Paravirtual SCSI emulation uses command descriptors to process SCSI commands. These descriptors come with their ring buffers. A guest could set the page count for these rings to an arbitrary value, leading to infinite loop or OOB access. Add check to avoid it. Reported-by: Tom Victor <vv474172261@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Message-Id: <1472626169-12989-1-git-send-email-ppandit@redhat.com> Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Diffstat (limited to 'scripts/switch-timer-api')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: