mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw/timer
History
Petr Matousek d4862a87e3 i8254: fix out-of-bounds memory access in pit_ioport_read() 
Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00
..
a9gtimer.c
Fix remaining warnings from Sparse (void return)
2015-03-19 11:11:55 +03:00
allwinner-a10-pit.c
arm_mptimer.c
arm_timer.c
hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irq
2015-06-03 14:21:24 +03:00
cadence_ttc.c
digic-timer.c
ds1338.c
etraxfs_timer.c
exynos4210_mct.c
exynos4210_pwm.c
exynos4210_rtc.c
grlib_gptimer.c
hpet.c
migration: Use normal VMStateDescriptions for Subsections
2015-06-12 06:53:57 +02:00
i8254_common.c
i8254.c
i8254: fix out-of-bounds memory access in pit_ioport_read()
2015-06-17 16:03:47 +02:00
imx_epit.c
imx_gpt.c
lm32_timer.c
m48t59.c
m48t59: add m48t59 sysbus device
2015-03-10 09:18:56 +00:00
Makefile.objs
stm32f2xx_timer: Add the stm32f2xx Timer
2015-03-11 13:21:05 +00:00
mc146818rtc.c
migration: Use normal VMStateDescriptions for Subsections
2015-06-12 06:53:57 +02:00
milkymist-sysctl.c
omap_gptimer.c
omap: Fix warnings from Sparse
2015-03-19 11:11:55 +03:00
omap_synctimer.c
pl031.c
puv3_ost.c
pxa2xx_timer.c
sh_timer.c
slavio_timer.c
stm32f2xx_timer.c
stm32f2xx_timer: Add the stm32f2xx Timer
2015-03-11 13:21:05 +00:00
tusb6010.c
twl92230.c
xilinx_timer.c