mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,465 Commits 50 Branches 394 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael S. Tsirkin 52f91c3723 zaurus: fix buffer overrun on invalid state load 
CVE-2013-4540

Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.

Since prev_level comes from wire indirectly, this can
happen on invalid state load.

Similarly for gpio_level and gpio_dir.

To fix, limit to 16 bit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
audio
backends
backends/baum.c: Fix compilation when SDL is not available.
2014-03-24 17:47:29 +00:00
block
curl: Fix hang reading from slow connections
2014-04-30 16:34:21 +02:00
bsd-user
cpu: Move opaque field from CPU_COMMON to CPUState
2014-03-13 19:20:47 +01:00
default-configs
usb: mtp filesharing
2014-04-23 10:28:14 +02:00
disas
libvixl: Fix format strings for several int64_t values
2014-03-10 14:56:29 +00:00
docs
vga: add secondary stdvga variant
2014-05-01 16:02:45 +01:00
dtc @ bc895d6d09
fpu
softfloat: Introduce float32_to_uint64_round_to_zero
2014-04-08 11:20:00 +02:00
fsdev
virtfs-proxy-helper: fix call to accept
2014-04-28 08:55:32 +04:00
gdb-xml
hw
zaurus: fix buffer overrun on invalid state load
2014-05-05 22:15:02 +02:00
include
virtio-net: fix buffer overflow on invalid state load
2014-05-05 14:15:10 +02:00
libcacard
Add a 'name' parameter to qemu_thread_create
2014-03-09 21:09:38 +02:00
linux-headers
linux-headers update
2014-04-25 12:59:57 +02:00
linux-user
target-arm: Define exception record for AArch64 exceptions
2014-04-17 21:34:03 +01:00
net
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
pc-bios
Add QEMU logo (SVG file)
2014-04-28 08:55:31 +04:00
pixman @ 97336fad32
po
po: add proper Language: tags to .po files
2014-04-28 08:55:32 +04:00
qapi
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qga
qga: trivial fix for unclear documentation of guest-set-time
2014-04-18 10:33:36 +04:00
qobject
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qom
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
roms
pseries: Update SLOF firmware image to qemu-slof-20140404
2014-04-08 11:20:00 +02:00
scripts
scripts: add sample model file for Coverity Scan
2014-04-18 10:33:36 +04:00
slirp
slirp: Remove default_mon usage
2014-04-25 09:19:58 -04:00
stubs
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
sysconfigs/target
target-alpha
target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp
2014-04-17 11:47:42 -07:00
target-arm
target-arm: Correct a comment refering to EL0
2014-05-01 15:24:46 +01:00
target-cris
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-i386
target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection
2014-04-05 10:49:05 +01:00
target-lm32
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-m68k
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-microblaze
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-mips
target-mips: Avoid shifting left into sign bit
2014-03-27 19:22:49 +04:00
target-moxie
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-openrisc
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-ppc
ppc: use kvm_vcpu_enable_cap()
2014-04-30 14:39:58 +02:00
target-s390x
s390x: use kvm_vcpu_enable_cap()
2014-04-30 14:39:49 +02:00
target-sh4
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-sparc
target-sparc: fix 32bit integer division overflow
2014-03-26 23:40:40 +00:00
target-unicore32
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-xtensa
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
tcg
tcg-sparc: Accept stores of zero
2014-04-28 11:06:35 -07:00
tests
Block patches
2014-05-02 10:50:58 +01:00
trace
osdep: initialize glib threads in all QEMU tools
2014-03-25 13:39:31 +01:00
ui
gtk: collection of fixes and cleanups by Cole Robinson
2014-05-01 14:17:33 +01:00
util
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
.exrc
.gitignore
gitignore: cleanups #2
2014-04-28 08:55:31 +04:00
.gitmodules
Add OpenHack'Ware submodule
2014-03-12 17:26:32 +01:00
.mailmap
.travis.yml
.travis.yml: add IRC notifications for build failures
2014-03-15 13:54:18 +04:00
aio-posix.c
aio-win32.c
arch_init.c
XBZRLE: Fix qemu crash when resize the xbzrle cache
2014-03-08 22:22:34 +01:00
async.c
aio: add aio_context_acquire() and aio_context_release()
2014-03-13 14:42:24 +01:00
balloon.c
block-migration.c
block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
2014-04-22 11:57:02 +02:00
block.c
block: Fix open_flags in bdrv_reopen()
2014-04-30 11:05:00 +02:00
blockdev-nbd.c
blockdev.c
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
2014-04-28 12:56:34 +01:00
blockjob.c
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE
CODING_STYLE: Section about mixed declarations
2014-03-27 19:22:49 +04:00
configure
configure: Re-run make if gtkabi/sdlabi is changed
2014-04-29 10:46:30 +02:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c
cpu-exec: Unlock tb_lock if we longjmp out of code generation
2014-04-04 18:29:25 +01:00
cpus.c
misc: Use cpu_physical_memory_read and cpu_physical_memory_write
2014-04-27 13:04:18 +04:00
cputlb.c
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
device_tree.c
device-hotplug.c
hw/boards: Convert current_machine to MachineState
2014-03-12 20:13:02 +01:00
disas.c
dma-helpers.c
dma-helpers: Initialize DMAAIOCB in_cancel flag
2014-04-04 19:36:39 +02:00
dump.c
exec.c
exec: Fix CPU rework fallout
2014-03-19 19:47:15 +01:00
gdbstub.c
exec: Change cpu_breakpoint_{insert,remove{,_by_ref,_all}} argument
2014-03-13 19:20:48 +01:00
HACKING
hmp-commands.hx
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.c
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.h
monitor: Add device_add and device_del completion.
2014-04-25 09:37:12 -04:00
iohandler.c
ioport.c
iothread.c
iothread: make IOThread struct definition public
2014-04-04 20:48:02 +02:00
kvm-all.c
Revert "fix return check for KVM_GET_DIRTY_LOG ioctl"
2014-04-14 15:40:02 +01:00
kvm-stub.c
Revert "KVM: Split QEMUMachine typedef into separate header"
2014-03-13 03:49:48 +01:00
LICENSE
main-loop.c
main-loop: Suppress "I/O thread spun" warnings for qtest
2014-03-13 21:36:50 +01:00
MAINTAINERS
MAINTAINERS: Add qemu-img/io to block subsystem
2014-04-25 18:05:05 +02:00
Makefile
Makefile: add qga-vss-dll-obj-y to nested variables
2014-04-07 14:39:19 -05:00
Makefile.objs
iothread: add I/O thread object
2014-03-13 14:42:24 +01:00
Makefile.target
memory_mapping.c
memory.c
memory_region_present: return false if address is not found in child MemoryRegion
2014-03-09 21:09:37 +02:00
migration-exec.c
migration-fd.c
migration-rdma.c
migration-tcp.c
migration-unix.c
migration.c
migration: add more traces
2014-03-27 15:19:00 +05:30
module-common.c
monitor.c
monitor: fix qmp_getfd() fd leak in error case
2014-04-25 11:41:41 -04:00
nbd.c
os-posix.c
oslib-posix: Fix build on FreeBSD
2014-03-13 14:34:16 +00:00
os-win32.c
page_cache.c
qapi-schema.json
block: Expose host_* drivers in blockdev-add
2014-04-25 18:05:06 +02:00
qdev-monitor.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c
char: restore read callback on a reattached (hotplug) chardev
2014-03-13 10:33:45 +01:00
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-doc.texi
doc: grammify "allows to"
2014-04-18 10:33:36 +04:00
qemu-file.c
migration: add more traces
2014-03-27 15:19:00 +05:30
qemu-img-cmds.hx
qemu-img.c
block: Add '--version' option to qemu-img
2014-04-29 10:36:35 +02:00
qemu-img.texi
qemu-io-cmds.c
qemu-io-cmds: Fixed typo in example for writev.
2014-03-19 09:39:41 +01:00
qemu-io.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-log.c
qemu-nbd.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
qemu-seccomp.c
seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
2014-04-25 14:52:03 -03:00
qemu-tech.texi
qemu-timer.c
qemu.nsi
qemu.sasl
sasl: Avoid 'Could not find keytab file' in syslog
2014-03-15 13:54:18 +04:00
qmp-commands.hx
virtio-net: add vlan receive state to RxFilterInfo
2014-03-26 12:49:10 +02:00
qmp.c
qmp: object-add: Validate class before creating object
2014-04-25 11:08:34 -04:00
qtest.c
README
rules.mak
rules.mak: Fix per object libs extraction
2014-03-17 13:21:11 +01:00
savevm.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
spice-qemu-char.c
tcg-runtime.c
tci.c
tci: Mask shift counts to avoid undefined behavior
2014-04-18 16:57:36 -07:00
thread-pool.c
Add a 'name' parameter to qemu_thread_create
2014-03-09 21:09:38 +02:00
thunk.c
tpm.c
trace-events
s390x/kvm: rework KVM synchronize to tracing for some ONEREGS
2014-04-25 12:59:57 +02:00
translate-all.c
page_check_range: don't bail out early after unprotecting page
2014-04-04 18:16:03 +01:00
translate-all.h
translate-all: Change tb_check_watchpoint() argument to CPUState
2014-03-13 19:20:48 +01:00
user-exec.c
tcg-aarch64: Properly detect SIGSEGV writes
2014-04-16 12:12:32 -04:00
VERSION
Open 2.1 development tree
2014-04-17 20:39:32 +01:00
version.rc
vl.c
vl: avoid closing stdout with 'writeconfig'
2014-04-28 08:55:31 +04:00
vmstate.c
vmstate: fix buffer overflow in target-arm/machine.c
2014-05-05 22:15:02 +02:00
xbzrle.c
xbzrle.c: Avoid undefined behaviour with signed arithmetic
2014-04-18 10:33:36 +04:00
xen-all.c
xen-mapcache.c
xen-stub.c

README 

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team
Description
No description provided
Readme 404 MiB
Languages
C 82.6%
C++ 6.5%
Python 3.4%
Dylan 2.9%
Shell 1.6%
Other 2.8%