qemu/hw
Prasad J Pandit d88d3a0938 net: mipsnet: check transmit buffer size before sending
When processing MIPSnet I/O port write operation, it uses a
transmit buffer tx_buffer[MAX_ETH_FRAME_SIZE=1514]. Two indices
's->tx_written' and 's->tx_count' are used to control data written
to this buffer. If the two were to be equal before writing, it'd
lead to an OOB write access beyond tx_buffer. Add check to avoid it.

Reported-by: Li Qiang <qiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2016-06-28 10:13:57 +08:00
..
9pfs trace: split out trace events for hw/9pfs/ directory 2016-06-20 17:22:16 +01:00
acpi pc: use new CPU hotplug interface since 2.7 machine type 2016-06-24 05:21:38 +03:00
alpha trace: split out trace events for hw/alpha/ directory 2016-06-20 17:22:17 +01:00
arm palmetto-bmc: Configure the SCU's hardware strapping register 2016-06-27 15:37:33 +01:00
audio -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
block m25p80: Fix WINBOND fast read command handling 2016-06-27 15:37:34 +01:00
bt bt: rewrite csrhci_write to avoid out-of-bounds writes 2016-05-29 09:11:11 +02:00
char cadence_uart: Protect against transmit errors 2016-06-27 15:37:32 +01:00
core qdev: Use GList for global properties 2016-06-17 10:42:21 -03:00
cpu cpu: Abstract CPU core type 2016-06-17 16:33:48 +10:00
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display milkymist: fix tmu2.c build failure (missing error.h include) 2016-06-21 13:25:09 +01:00
dma trace: split out trace events for hw/dma/ directory 2016-06-20 17:22:16 +01:00
gpio hw/gpio: QOM'ify zaurus.c 2016-06-14 15:59:13 +01:00
i2c hw/i2c-ddc.c: Implement DDC I2C slave 2016-06-14 15:59:15 +01:00
i386 pc: acpi: drop intermediate PCMachineState.node_cpu 2016-06-24 08:34:47 +03:00
ide error: Remove NULL checks on error_propagate() calls 2016-06-20 16:38:13 +02:00
input trace: split out trace events for hw/input/ directory 2016-06-20 17:22:15 +01:00
intc hw/intc/arm_gicv3: Add missing break 2016-06-27 15:37:32 +01:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi hw/ipmi: fix spelling 2016-06-07 18:02:48 +03:00
isa pc: acpi: introduce AcpiDeviceIfClass.madt_cpu hook 2016-06-24 05:21:16 +03:00
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem nvdimm: support nvdimm label 2016-06-24 05:13:57 +03:00
microblaze hw/char: QOM'ify xilinx_uartlite model 2016-06-06 16:59:32 +01:00
mips mips: use MIPSCPU instead of CPUMIPSState 2016-05-19 16:42:27 +02:00
misc hw/misc: Add a model for the ASPEED System Control Unit 2016-06-27 15:37:33 +01:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net net: mipsnet: check transmit buffer size before sending 2016-06-28 10:13:57 +08:00
nvram trace: split out trace events for hw/nvram/ directory 2016-06-20 17:22:15 +01:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci trace: split out trace events for hw/pci/ directory 2016-06-20 17:22:16 +01:00
pci-bridge fix some coding style problems 2016-06-17 03:28:03 +03:00
pci-host coccinelle: Remove unnecessary variables for function return value 2016-06-20 16:38:13 +02:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc qapi: keep names in 'CpuInstanceProperties' in sync with struct CPUCore 2016-06-27 13:15:06 +10:00
s390x virtio-ccw: convert to ioeventfd callbacks 2016-06-24 08:47:35 +03:00
scsi virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
sd -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
sh4 cpu: move exec-all.h inclusion out of cpu.h 2016-05-19 16:42:29 +02:00
smbios ipmi: Add SMBIOS table entry 2016-06-24 05:13:57 +03:00
sparc trace: split out trace events for hw/sparc/ directory 2016-06-20 17:22:16 +01:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
timer -----BEGIN PGP SIGNATURE----- 2016-06-20 22:30:34 +01:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb-uas: hotplug support 2016-06-22 12:53:26 +02:00
vfio memory: Add reporting of supported page sizes 2016-06-22 11:13:09 +10:00
virtio virtio-bus: remove old set_host_notifier callback 2016-06-24 08:47:35 +03:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xenpv xen: move xen_sysdev to xen_backend.c 2016-06-22 11:28:42 +01:00
xtensa replace muldiv64(a, b, c) by (uint64_t)a * b / c 2016-06-07 18:02:49 +03:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00