Petr Matousek e907746266 fdc: force the fifo access to be in bounds of the allocated buffer ... During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. Signed-off-by: Petr Matousek <pmatouse@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>		2015-05-12 18:52:57 -04:00
..
dataplane	virtio-blk: correctly dirty guest memory	2015-04-08 10:39:18 +01:00
block.c	BlockConf: Call backend functions to detect geometry and blocksizes	2015-03-10 14:02:22 +01:00
cdrom.c
ecc.c
fdc.c	fdc: force the fifo access to be in bounds of the allocated buffer	2015-05-12 18:52:57 -04:00
hd-geometry.c	BlockConf: Call backend functions to detect geometry and blocksizes	2015-03-10 14:02:22 +01:00
m25p80.c	m25p80: fix s->blk usage before assignment	2015-04-28 15:36:09 +02:00
Makefile.objs	block: Always compile virtio-blk dataplane	2014-09-22 11:39:51 +01:00
nand.c	block: remove superfluous '\n' around error_report/error_setg	2015-03-10 08:15:33 +03:00
nvme.c	Enable NVMe start controller for Windows guest.	2015-04-30 15:35:26 +02:00
nvme.h	nvme: 64kB page size fixes	2014-12-10 10:31:16 +01:00
onenand.c	onenand: g_malloc() can't fail, bury dead error handling	2015-02-10 09:27:20 +03:00
pflash_cfi01.c	hw: Propagate errors through qdev_prop_set_drive()	2015-03-10 11:18:23 +01:00
pflash_cfi02.c	hw: Propagate errors through qdev_prop_set_drive()	2015-03-10 11:18:23 +01:00
tc58128.c
virtio-blk.c	misc: Fix new collection of typos	2015-04-30 16:05:48 +03:00
xen_blkif.h
xen_disk.c	block/xen: Use blk_new_open() in blk_connect()	2015-02-16 15:07:18 +00:00