qemu/intc at d99598cc9929ad6993ad3d19d9b1ec1d891f0d7f - qemu - SynapseOS git

mirrors/qemu

History

Michael Roth 73d963c0a7 openpic: avoid buffer overrun on incoming migration

CVE-2013-4534

opp->nb_cpus is read from the wire and used to determine how many
IRQDest elements to read into opp->dst[]. If the value exceeds the
length of opp->dst[], MAX_CPU, opp->dst[] can be overrun with arbitrary
data from the wire.

Fix this by failing migration if the value read from the wire exceeds
MAX_CPU.

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:03 +02:00

..

allwinner-a10-pic.c

allwinner-a10-pic: fix behaviour of pending register

2014-04-17 21:34:06 +01:00

apic_common.c

trace: add workaround for SystemTap PR13296

2014-04-01 20:08:25 +02:00

apic.c

misc: Use cpu_physical_memory_read and cpu_physical_memory_write

2014-04-27 13:04:18 +04:00

arm_gic_common.c

arm_gic: Add GICC_APRn state to the GICState

2014-02-08 14:50:48 +00:00

arm_gic_kvm.c

misc: Fix typos in comments

2014-03-15 13:54:18 +04:00

arm_gic.c

hw/intc/arm_gic: Fix NVIC assertion failure

2014-02-20 10:35:48 +00:00

armv7m_nvic.c

armv7m_nvic: fix CPUID Base Register

2014-05-01 15:24:44 +01:00

etraxfs_pic.c

hw: cannot_instantiate_with_device_add_yet due to pointer props

2013-12-24 17:27:17 +01:00

exynos4210_combiner.c

hw/intc/exynos4210_combiner: Don't overrun output_irq array in init

2014-02-26 17:19:58 +00:00

exynos4210_gic.c

exynos4210_gic: QOM cast cleanup for exynos4210.irq_gate

2013-07-29 21:06:57 +02:00

gic_internal.h

hw/intc/arm_gic: Fix GIC_SET_LEVEL

2014-02-26 17:19:59 +00:00

grlib_irqmp.c

hw: cannot_instantiate_with_device_add_yet due to pointer props

2013-12-24 17:27:17 +01:00

heathrow_pic.c

memory: add owner argument to initialization functions

2013-07-04 17:42:44 +02:00

i8259_common.c

qdev: Remove hex8/32/64 property types

2014-02-14 21:12:04 +01:00

i8259.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

imx_avic.c

imx_avic: QOM cast cleanup

2013-07-29 21:06:05 +02:00

ioapic_common.c

ioapic: QOM'ify ioapic

2013-12-24 18:02:18 +01:00

ioapic.c

qemu: x86: ignore ioapic polarity

2014-03-09 21:09:38 +02:00

lm32_pic.c

lm32_pic: QOM cast cleanup

2013-07-29 21:06:57 +02:00

Makefile.objs

s390x/kvm: implement floating-interrupt controller device

2014-02-27 09:51:25 +01:00

omap_intc.c

hw: cannot_instantiate_with_device_add_yet due to pointer props

2013-12-24 17:27:17 +01:00

openpic_kvm.c

ppc: use kvm_vcpu_enable_cap()

2014-04-30 14:39:58 +02:00

openpic.c

openpic: avoid buffer overrun on incoming migration

2014-05-05 22:15:03 +02:00

pl190.c

sysbus: Set cannot_instantiate_with_device_add_yet

2013-12-23 00:27:22 +01:00

puv3_intc.c

puv3_intc: QOM cast cleanup

2013-07-29 21:06:58 +02:00

realview_gic.c

realview_gic: Prepare for QOM embedding

2013-11-05 17:47:30 +01:00

s390_flic.c

s390x/async_pf: Check for apf extension and enable pfault

2014-02-27 09:51:25 +01:00

sh_intc.c

cpu: Make first_cpu and next_cpu CPUState

2013-07-09 21:32:54 +02:00

slavio_intctl.c

hw/intc/slavio_intctl: Avoid shifting left into sign bit

2014-03-27 19:22:49 +04:00

xics_kvm.c

ppc: use kvm_vcpu_enable_cap()

2014-04-30 14:39:58 +02:00

xics.c

target-ppc: spapr: e500: fix to use cpu_dt_id

2014-03-05 03:07:04 +01:00

xilinx_intc.c

hw/intc/xilinx_intc: Avoid shifting left into sign bit

2014-03-27 19:22:49 +04:00