qemu/hw at 9201bb9a8c7cd3ba2382b7db5b2e40f603e61528 - qemu - SynapseOS git

mirrors/qemu

History

Alistair Francis 9201bb9a8c sdhci.c: Limit the maximum block size

It is possible for the guest to set an invalid block
size which is larger then the fifo_buffer[] array. This
could cause a buffer overflow.

To avoid this limit the maximum size of the blksize variable.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Peter Crosthwaite <crosthwaite.peter@gmail.com>
Message-id: abe4c51f513290bbb85d1ee271cb1a3d463d7561.1444067470.git.alistair.francis@xilinx.com
Suggested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
Reported-by: Intel Security ATR <secure@intel.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>

2015-10-12 11:17:45 +01:00

..

…

…

Use DEFINE_MACHINE() to register all machines

2015-09-19 16:40:15 +02:00

arm: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

typofixes - v4

2015-09-11 10:45:43 +03:00

block: switch from g_slice allocator to malloc

2015-10-12 11:17:45 +01:00

bt: remove muldiv64()

2015-09-25 14:56:22 +02:00

hw: char: Remove unnecessary variable

2015-10-08 19:46:47 +03:00

Use DEFINE_MACHINE() to register all machines

2015-09-19 16:40:15 +02:00

icc_bus: drop the unused files

2015-10-02 16:22:02 -03:00

cris: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

Fix bad error handling after memory_region_init_ram()

2015-09-18 14:39:29 +02:00

* Support for jemalloc

2015-09-14 16:13:16 +01:00

i.MX: Add GPIO device

2015-09-14 14:39:49 +01:00

…

pc: check for underflow in load_linux

2015-10-08 19:46:01 +03:00

ahci: clean up initial d2h semantics

2015-09-18 10:58:56 -04:00

Fix bad error handling after memory_region_init_ram()

2015-09-18 14:39:29 +02:00

s/cpu_get_real_ticks/cpu_get_host_ticks/

2015-10-08 19:46:01 +03:00

…

…

lm32: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

m68k: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

pc-dimm: Fail realization for invalid nodes in non-NUMA config

2015-10-06 16:51:08 -03:00

mb: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

* First batch of MAINTAINERS updates

2015-09-25 21:52:30 +01:00

mac_dbdma: always clear FLUSH bit once DBDMA channel flush is complete

2015-09-20 22:48:38 +02:00

moxie: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:43 +02:00

rocker: Use g_new() & friends where that makes obvious sense

2015-10-08 19:46:47 +03:00

maint: avoid useless "if (foo) free(foo)" pattern

2015-09-11 10:21:38 +03:00

* First batch of MAINTAINERS updates

2015-09-25 21:52:30 +01:00

Fix bad error handling after memory_region_init_ram()

2015-09-18 14:39:29 +02:00

…

PPC: e500 pci host: Fix ATMUs register reads

2015-09-20 22:48:39 +02:00

…

s/cpu_get_real_ticks/cpu_get_host_ticks/

2015-10-08 19:46:01 +03:00

s390x: rename io_subsystem_reset -> subsystem_reset

2015-10-02 13:31:52 +02:00

vhost-scsi: include linux/vhost.h

2015-09-25 12:04:41 +02:00

sdhci.c: Limit the maximum block size

2015-10-12 11:17:45 +01:00

Use DEFINE_MACHINE() to register all machines

2015-09-19 16:40:15 +02:00

…

sparc: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:44 +02:00

sparc: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:44 +02:00

…

hw: timer: Remove unnecessary variable

2015-10-08 19:46:47 +03:00

…

tricore: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:44 +02:00

Use DEFINE_MACHINE() to register all machines

2015-09-19 16:40:15 +02:00

libcacard: use the standalone project

2015-09-23 23:34:17 +02:00

vfio: Allow hotplug of containers onto existing guest IOMMU mappings

2015-10-05 12:39:47 -06:00

virtio dataplane: adapt dataplane for virtio Version 1

2015-10-12 11:16:45 +01:00

i6300esb: remove muldiv64()

2015-09-25 14:52:17 +02:00

typofixes - v4

2015-09-11 10:45:43 +03:00

Use DEFINE_MACHINE() to register all machines

2015-09-19 16:40:15 +02:00

xtensa: Remove ELF_MACHINE from cpu.h

2015-09-25 12:04:44 +02:00

Makefile.objs

…