mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
32,462 Commits 50 Branches 394 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael S. Tsirkin caa881abe0 pxa2xx: avoid buffer overrun on incoming migration 
CVE-2013-4533

s->rx_level is read from the wire and used to determine how many bytes
to subsequently read into s->rx_fifo[]. If s->rx_level exceeds the
length of s->rx_fifo[] the buffer can be overrun with arbitrary data
from the wire.

Fix this by validating rx_level against the size of s->rx_fifo.

Cc: Don Koch <dkoch@verizon.com>
Reported-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Don Koch <dkoch@verizon.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
audio
backends
backends/baum.c: Fix compilation when SDL is not available.
2014-03-24 17:47:29 +00:00
block
curl: Fix hang reading from slow connections
2014-04-30 16:34:21 +02:00
bsd-user
default-configs
usb: mtp filesharing
2014-04-23 10:28:14 +02:00
disas
docs
vga: add secondary stdvga variant
2014-05-01 16:02:45 +01:00
dtc @ bc895d6d09
fpu
softfloat: Introduce float32_to_uint64_round_to_zero
2014-04-08 11:20:00 +02:00
fsdev
virtfs-proxy-helper: fix call to accept
2014-04-28 08:55:32 +04:00
gdb-xml
hw
pxa2xx: avoid buffer overrun on incoming migration
2014-05-05 22:15:02 +02:00
include
virtio-net: fix buffer overflow on invalid state load
2014-05-05 14:15:10 +02:00
libcacard
linux-headers
linux-headers update
2014-04-25 12:59:57 +02:00
linux-user
target-arm: Define exception record for AArch64 exceptions
2014-04-17 21:34:03 +01:00
net
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
pc-bios
Add QEMU logo (SVG file)
2014-04-28 08:55:31 +04:00
pixman @ 97336fad32
po
po: add proper Language: tags to .po files
2014-04-28 08:55:32 +04:00
qapi
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qga
qga: trivial fix for unclear documentation of guest-set-time
2014-04-18 10:33:36 +04:00
qobject
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qom
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
roms
pseries: Update SLOF firmware image to qemu-slof-20140404
2014-04-08 11:20:00 +02:00
scripts
scripts: add sample model file for Coverity Scan
2014-04-18 10:33:36 +04:00
slirp
slirp: Remove default_mon usage
2014-04-25 09:19:58 -04:00
stubs
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
sysconfigs/target
target-alpha
target-alpha: Remove cpu_unique, cpu_sysval, cpu_usp
2014-04-17 11:47:42 -07:00
target-arm
target-arm: Correct a comment refering to EL0
2014-05-01 15:24:46 +01:00
target-cris
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-i386
target-i386: reorder fields in cpu/msr_hyperv_hypercall subsection
2014-04-05 10:49:05 +01:00
target-lm32
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-m68k
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-microblaze
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-mips
target-mips: Avoid shifting left into sign bit
2014-03-27 19:22:49 +04:00
target-moxie
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-openrisc
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-ppc
ppc: use kvm_vcpu_enable_cap()
2014-04-30 14:39:58 +02:00
target-s390x
s390x: use kvm_vcpu_enable_cap()
2014-04-30 14:39:49 +02:00
target-sh4
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-sparc
target-sparc: fix 32bit integer division overflow
2014-03-26 23:40:40 +00:00
target-unicore32
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
target-xtensa
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
tcg
tcg-sparc: Accept stores of zero
2014-04-28 11:06:35 -07:00
tests
Block patches
2014-05-02 10:50:58 +01:00
trace
osdep: initialize glib threads in all QEMU tools
2014-03-25 13:39:31 +01:00
ui
gtk: collection of fixes and cleanups by Cole Robinson
2014-05-01 14:17:33 +01:00
util
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
.exrc
.gitignore
gitignore: cleanups #2
2014-04-28 08:55:31 +04:00
.gitmodules
.mailmap
.travis.yml
.travis.yml: add IRC notifications for build failures
2014-03-15 13:54:18 +04:00
aio-posix.c
aio-win32.c
arch_init.c
async.c
balloon.c
block-migration.c
block: Handle error of bdrv_getlength in bdrv_create_dirty_bitmap
2014-04-22 11:57:02 +02:00
block.c
block: Fix open_flags in bdrv_reopen()
2014-04-30 11:05:00 +02:00
blockdev-nbd.c
blockdev.c
Merge remote-tracking branch 'remotes/qmp-unstable/queue/qmp' into staging
2014-04-28 12:56:34 +01:00
blockjob.c
qerror.h: Replace QERR_NOT_SUPPORTED with QERR_UNSUPPORTED
2014-04-25 09:19:59 -04:00
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE
CODING_STYLE: Section about mixed declarations
2014-03-27 19:22:49 +04:00
configure
configure: Re-run make if gtkabi/sdlabi is changed
2014-04-29 10:46:30 +02:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c
cpu-exec: Unlock tb_lock if we longjmp out of code generation
2014-04-04 18:29:25 +01:00
cpus.c
misc: Use cpu_physical_memory_read and cpu_physical_memory_write
2014-04-27 13:04:18 +04:00
cputlb.c
cputlb: Change tlb_set_page() argument to CPUState
2014-03-13 19:52:47 +01:00
device_tree.c
device-hotplug.c
disas.c
dma-helpers.c
dma-helpers: Initialize DMAAIOCB in_cancel flag
2014-04-04 19:36:39 +02:00
dump.c
exec.c
exec: Fix CPU rework fallout
2014-03-19 19:47:15 +01:00
gdbstub.c
HACKING
hmp-commands.hx
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.c
HMP: support specifying dump format for dump-guest-memory
2014-04-25 11:18:33 -04:00
hmp.h
monitor: Add device_add and device_del completion.
2014-04-25 09:37:12 -04:00
iohandler.c
ioport.c
iothread.c
iothread: make IOThread struct definition public
2014-04-04 20:48:02 +02:00
kvm-all.c
Revert "fix return check for KVM_GET_DIRTY_LOG ioctl"
2014-04-14 15:40:02 +01:00
kvm-stub.c
LICENSE
main-loop.c
main-loop: Suppress "I/O thread spun" warnings for qtest
2014-03-13 21:36:50 +01:00
MAINTAINERS
MAINTAINERS: Add qemu-img/io to block subsystem
2014-04-25 18:05:05 +02:00
Makefile
Makefile: add qga-vss-dll-obj-y to nested variables
2014-04-07 14:39:19 -05:00
Makefile.objs
Makefile.target
memory_mapping.c
memory.c
migration-exec.c
migration-fd.c
migration-rdma.c
migration-tcp.c
migration-unix.c
migration.c
migration: add more traces
2014-03-27 15:19:00 +05:30
module-common.c
monitor.c
monitor: fix qmp_getfd() fd leak in error case
2014-04-25 11:41:41 -04:00
nbd.c
os-posix.c
os-win32.c
page_cache.c
qapi-schema.json
block: Expose host_* drivers in blockdev-add
2014-04-25 18:05:06 +02:00
qdev-monitor.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-doc.texi
doc: grammify "allows to"
2014-04-18 10:33:36 +04:00
qemu-file.c
migration: add more traces
2014-03-27 15:19:00 +05:30
qemu-img-cmds.hx
qemu-img.c
block: Add '--version' option to qemu-img
2014-04-29 10:36:35 +02:00
qemu-img.texi
qemu-io-cmds.c
qemu-io-cmds: Fixed typo in example for writev.
2014-03-19 09:39:41 +01:00
qemu-io.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-log.c
qemu-nbd.c
block: Add errp to bdrv_new()
2014-04-22 12:00:20 +02:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx
trivial patches for 2014-04-28
2014-04-28 13:43:17 +01:00
qemu-seccomp.c
seccomp: add shmctl(), mlock(), and munlock() to the syscall whitelist
2014-04-25 14:52:03 -03:00
qemu-tech.texi
qemu-timer.c
qemu.nsi
qemu.sasl
sasl: Avoid 'Could not find keytab file' in syslog
2014-03-15 13:54:18 +04:00
qmp-commands.hx
virtio-net: add vlan receive state to RxFilterInfo
2014-03-26 12:49:10 +02:00
qmp.c
qmp: object-add: Validate class before creating object
2014-04-25 11:08:34 -04:00
qtest.c
README
rules.mak
rules.mak: Fix per object libs extraction
2014-03-17 13:21:11 +01:00
savevm.c
qerror.h: Remove QERR defines that are only used once
2014-04-25 09:19:59 -04:00
spice-qemu-char.c
tcg-runtime.c
tci.c
tci: Mask shift counts to avoid undefined behavior
2014-04-18 16:57:36 -07:00
thread-pool.c
thunk.c
tpm.c
trace-events
s390x/kvm: rework KVM synchronize to tracing for some ONEREGS
2014-04-25 12:59:57 +02:00
translate-all.c
page_check_range: don't bail out early after unprotecting page
2014-04-04 18:16:03 +01:00
translate-all.h
user-exec.c
tcg-aarch64: Properly detect SIGSEGV writes
2014-04-16 12:12:32 -04:00
VERSION
Open 2.1 development tree
2014-04-17 20:39:32 +01:00
version.rc
vl.c
vl: avoid closing stdout with 'writeconfig'
2014-04-28 08:55:31 +04:00
vmstate.c
vmstate: fix buffer overflow in target-arm/machine.c
2014-05-05 22:15:02 +02:00
xbzrle.c
xbzrle.c: Avoid undefined behaviour with signed arithmetic
2014-04-18 10:33:36 +04:00
xen-all.c
xen-mapcache.c
xen-stub.c

README 

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team
Description
No description provided
Readme 404 MiB
Languages
C 82.6%
C++ 6.5%
Python 3.4%
Dylan 2.9%
Shell 1.6%
Other 2.8%