[Qemu-devel] [PATCH 009/108] ahci: fix buffer overrun on invalid state l
From: Michael Roth
Subject: [Qemu-devel] [PATCH 009/108] ahci: fix buffer overrun on invalid state load
Date: Wed, 6 Aug 2014 15:38:19 -0500
From: "Michael S. Tsirkin" <address@hidden>
CVE-2013-4526
Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded. So
we use the old version of ports to read the array but then allow any
value for ports. This can cause the code to overflow.
There's no reason to migrate ports - it never changes.
So just make sure it matches.
Reported-by: Anthony Liguori <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Juan Quintela <address@hidden>
(cherry picked from commit ae2158ad6ce0845b2fae2a22aa7f19c0d7a71ce5)
Signed-off-by: Michael Roth <address@hidden>
---
hw/ide/ahci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index bfe633f..457a7a1 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1293,7 +1293,7 @@ const VMStateDescription vmstate_ahci = {
VMSTATE_UINT32(control_regs.impl, AHCIState),
VMSTATE_UINT32(control_regs.version, AHCIState),
VMSTATE_UINT32(idp_index, AHCIState),
- VMSTATE_INT32(ports, AHCIState),
+ VMSTATE_INT32_EQUAL(ports, AHCIState),
VMSTATE_END_OF_LIST()
},
};
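Review bot: The new VMSTATE_INT32_EQUAL(ports, AHCIState) entry has no comment explaining why this field is compared rather than loaded, and it stays last in the list, directly before VMSTATE_END_OF_LIST(), so a mismatching stream is rejected only after the earlier fields have been read. That ordering is safe as long as every earlier field sized by ports uses the destination's own value, which the commit message implies but this hunk's context does not show. A one-line comment above the entry (ports is fixed per device and must match the incoming stream) would record that assumption for whoever next edits the field list. The commit message could also say that the stream layout is unchanged, since the field is still read from the stream and only no longer stored.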
--
1.9.1
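
An added example, not QEMU code and not part of the original patch: a toy state loader in C that reproduces the failure mode the commit message describes (a count field overwritten from the stream after the array was sized with the local value) next to an equality check that rejects the stream instead. The struct, the stream layout and all `toy_*` names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TOY_PORTS 6                /* constructed port count */

struct toy_ahci {
    int32_t  ports;                /* fixed when the device is created */
    uint32_t port_regs[TOY_PORTS]; /* stands in for the per-port array */
};

/* Read one big-endian 32-bit field; -1 on short input. */
static int get_be32(const uint8_t **p, const uint8_t *end, uint32_t *out)
{
    if (end - *p < 4) return -1;
    *out = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
           ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4;
    return 0;
}

/* Toy stream: port_regs[s->ports], then ports.
 * require_equal=0 models a plain load, 1 models the equality check. */
int toy_load(struct toy_ahci *s, const uint8_t *buf, size_t len, int require_equal)
{
    const uint8_t *p = buf, *end = buf + len;
    uint32_t v;

    for (int32_t i = 0; i < s->ports; i++) {   /* sized by the local value */
        if (get_be32(&p, end, &v)) return -1;
        s->port_regs[i] = v;
    }
    if (get_be32(&p, end, &v)) return -1;
    if (require_equal)
        return (int32_t)v == s->ports ? 0 : -1; /* mismatch rejects the stream */
    s->ports = (int32_t)v;                      /* any value is accepted */
    return 0;
}

/* Load a constructed stream (six zero registers, then ports = 256) and report
 * whether ports still fits the array that later per-port loops would index. */
int toy_demo(int require_equal)
{
    uint8_t stream[4 * TOY_PORTS + 4] = {0};
    struct toy_ahci s = { .ports = TOY_PORTS };

    stream[4 * TOY_PORTS + 2] = 0x01;           /* big-endian 256 */
    toy_load(&s, stream, sizeof stream, require_equal);
    return s.ports >= 0 && s.ports <= TOY_PORTS;
}
```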