qemu/hw/block
Petr Matousek e907746266 fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and
FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could
get out of bounds leading to memory corruption with values coming
from the guest.

Fix this by making sure that the index is always bounded by the
allocated memory.

This is CVE-2015-3456.

Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2015-05-12 18:52:57 -04:00
..
dataplane virtio-blk: correctly dirty guest memory 2015-04-08 10:39:18 +01:00
block.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
cdrom.c
ecc.c
fdc.c fdc: force the fifo access to be in bounds of the allocated buffer 2015-05-12 18:52:57 -04:00
hd-geometry.c BlockConf: Call backend functions to detect geometry and blocksizes 2015-03-10 14:02:22 +01:00
m25p80.c m25p80: fix s->blk usage before assignment 2015-04-28 15:36:09 +02:00
Makefile.objs
nand.c
nvme.c Enable NVMe start controller for Windows guest. 2015-04-30 15:35:26 +02:00
nvme.h
onenand.c
pflash_cfi01.c
pflash_cfi02.c
tc58128.c
virtio-blk.c misc: Fix new collection of typos 2015-04-30 16:05:48 +03:00
xen_blkif.h
xen_disk.c