qemu/hw
linzhecheng d434e5ac5d virtio-serial: fix heap-over-flow
Check device having the feature of VIRTIO_CONSOLE_F_EMERG_WRITE before
get config->emerg_wr. It is neccessary because sizeof(virtio_console_config)
is 8 byte if VirtIOSerial doesn't have the feature of
VIRTIO_CONSOLE_F_EMERG_WRITE(see virtio_serial_device_realize),
read/write emerg_wr will lead to heap-over-flow.

Signed-off-by: linzhecheng <linzhecheng@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2018-04-09 17:35:46 +03:00
..
9pfs 9p: fix leak in synth_name_to_path() 2018-02-19 18:27:32 +01:00
acpi virt_arm: acpi: reuse common build_fadt() 2018-03-13 23:09:50 +02:00
adc Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
alpha hw/alpha/dp264: Use the TYPE_SMC37C669_SUPERIO 2018-03-12 16:12:49 +01:00
arm mach-virt: Set VM's SMBIOS system version to mc->name 2018-03-23 18:26:46 +00:00
audio hw/audio: Fix crashes when devices are used on ISA bus without DMA 2018-03-26 14:37:13 +02:00
block vhost-user-blk: set config ops before vhost-user init 2018-04-09 17:35:45 +03:00
bt hw/bt: Replace fprintf(stderr, "*\n" with error_report() 2018-01-22 09:51:00 +01:00
char virtio-serial: fix heap-over-flow 2018-04-09 17:35:46 +03:00
core Use cpu_create(type) instead of cpu_init(cpu_model) 2018-03-19 14:10:36 -03:00
cpu hw: use "qemu/osdep.h" as first #include in source files 2017-12-18 17:07:02 +03:00
cris cris: use generic cpu_model parsing 2017-10-27 16:03:54 +02:00
display secondary-vga: properly close QemuConsole on unplug 2018-03-13 11:17:29 -06:00
dma hw/dma/i8257: Rename DMA_init() to i8257_dma_init() 2018-03-12 16:12:48 +01:00
gpio Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
hppa hw/hppa: Use qemu_log_mask instead of fprintf to stderr 2018-02-04 14:11:03 -08:00
i2c hw/i2c-ddc: Do not fail writes 2018-03-01 11:05:45 +00:00
i386 multiboot: Check validity of mh_header_addr 2018-03-21 15:13:25 +01:00
ide macio: fix NULL pointer dereference when issuing IDE trim 2018-03-27 00:38:00 -04:00
input hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h 2018-03-12 16:12:48 +01:00
intc hw/intc/arm_gicv3: Fix secure-GIC NS ICC_PMR and ICC_RPR accesses 2018-03-23 18:26:45 +00:00
ipack pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
ipmi qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
isa virtio,vhost,pci,pc: features, cleanups 2018-03-20 15:48:34 +00:00
lm32 hw/lm32: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
m68k m68k: mcf5208: use generic cpu_model parsing 2017-10-27 16:03:54 +02:00
mem qmp: distinguish PC-DIMM and NVDIMM in MemoryDeviceInfoList 2018-03-20 03:34:52 +02:00
microblaze xlnx-zynqmp-pmu: Connect the IPI device to the PMU 2018-01-26 11:09:09 +01:00
mips hw/isa/vt82c686: Add the TYPE_VT82C686B_SUPERIO 2018-03-12 16:12:49 +01:00
misc hw/misc/macio: Mark the macio devices with user_creatable = false 2018-03-18 18:27:23 +11:00
moxie hw/moxie: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
net Miscellaenous bugfixes, including crash fixes from Alexey, Peter M. and 2018-03-26 15:17:25 +01:00
nios2 nios2: 10m50_devboard: replace cpu_model with cpu_type 2018-03-19 14:09:44 -03:00
nvram Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
openrisc hw/openrisc: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
pci virtio,vhost,pci,pc: features, cleanups 2018-03-20 15:48:34 +00:00
pci-bridge virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
pci-host pci: Add support for Designware IP block 2018-03-09 17:09:43 +00:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc virtio,vhost,pci,pc: features, cleanups 2018-03-20 15:48:34 +00:00
rdma hw/rdma: Fix 32-bit compilation 2018-03-23 18:38:55 +03:00
riscv RISC-V Build Infrastructure 2018-03-07 08:30:28 +13:00
s390x hw/s390x: fix memory leak in s390_init_ipl_dev() 2018-04-03 10:03:38 +02:00
scsi scsi: turn "is this a SCSI device?" into a conditional hint 2018-03-26 14:37:15 +02:00
sd sdhci: fix incorrect use of Error * 2018-03-23 18:26:45 +00:00
sh4 pci: Rename root bus initialization functions for clarity 2017-12-05 19:13:45 +02:00
smbios Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
sparc hw/dma/i8257: Rename DMA_init() to i8257_dma_init() 2018-03-12 16:12:48 +01:00
sparc64 hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h 2018-03-12 16:12:48 +01:00
ssi xilinx_spips: Use 8 dummy cycles with the QIOR/QIOR4 commands 2018-03-01 11:05:44 +00:00
timer qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
tpm tpm: CRB: Enforce locality is requested before processing buffer 2018-03-29 17:41:02 -04:00
tricore hw: Do not include "sysemu/block-backend.h" if it is not necessary 2018-03-12 16:12:46 +01:00
unicore32 hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h 2018-03-12 16:12:48 +01:00
usb usbredir: reorder fields in USBRedirDevice to reduce padding 2018-03-12 11:43:49 +01:00
vfio ppc/spapr, vfio: Turn off MSIX emulation for VFIO devices 2018-03-13 11:17:31 -06:00
virtio vhost: Allow adjoining regions 2018-04-09 17:35:46 +03:00
watchdog qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
xen virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
xenpv hw/xen*: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:46 +01:00
xtensa Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
Makefile.objs hw/rdma: Add wrappers and macros 2018-02-19 13:03:24 +02:00