mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f59caeca76
qemu/include
History
Dmitry Frolov f59caeca76 hw/cxl: Fix out of bound array access 
According to cxl_interleave_ways_enc(), fw->num_targets is allowed to be up
to 16. This also corresponds to CXL r3.0 spec. So, the fw->target_hbs[]
array is iterated from 0 to 15. But it is statically declared of length 8.
Thus, out of bound array access may occur.

Fixes: c28db9e000 ("hw/pci-bridge: Make PCIe and CXL PXB Devices inherit from TYPE_PXB_DEV")
Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Link: https://lore.kernel.org/r/20230913101055.754709-1-frolov@swemel.ru
Cc: qemu-stable@nongnu.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit de5bbfc602)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-10-03 02:00:54 +03:00
..
authz Prefer 'on' | 'off' over 'yes' | 'no' for bool options 2021-01-29 17:07:53 +00:00
block nbd: Use enum for various negotiation modes 2023-07-19 15:26:13 -05:00
chardev chardev: src buffer const for write functions 2022-09-29 14:38:05 +04:00
crypto crypto: Unexport AES_*_rot, AES_TeN, AES_TdN 2023-07-09 13:48:23 +01:00
disas disas: Change type of disassemble_info.target_info to pointer 2023-06-13 17:25:47 +10:00
exec linux-user: Use ARRAY_SIZE with bitmask_transtbl 2023-08-09 07:17:42 -07:00
fpu fpu: Add float64_to_int{32,64}_modulo 2023-07-01 08:26:54 +02:00
gdbstub gdbstub: Remove gdb_do_syscallv 2023-03-07 20:44:09 +00:00
hw hw/cxl: Fix out of bound array access 2023-10-03 02:00:54 +03:00
io io: remove io watch if TLS channel is closed during handshake 2023-08-01 18:45:27 +01:00
libdecnumber Replace config-time define HOST_WORDS_BIGENDIAN 2022-04-06 10:50:37 +02:00
migration migration/ram: Expose ramblock_is_ignored() as migrate_ram_is_ignored() 2023-07-12 09:25:37 +02:00
monitor monitor: add more *_locked() functions 2023-05-25 10:18:33 +02:00
net igb: Strip the second VLAN tag for extended VLAN 2023-05-23 15:20:15 +08:00
qapi monitor: mark mixed functions that can suspend 2023-04-20 11:17:35 +02:00
qemu host-utils: Add muldiv64_round_up 2023-09-25 23:44:30 +03:00
qom qom/object: Remove circular include dependency 2022-06-28 10:53:32 +02:00
scsi coroutine: Clean up superfluous inclusion of qemu/coroutine.h 2023-01-19 10:18:28 +01:00
semihosting semihosting: Allow optional use of semihosting from userspace 2022-09-13 17:18:21 +01:00
standard-headers linux-headers: update to v6.5-rc1 2023-07-10 09:52:52 +02:00
sysemu kvm: Introduce kvm_arch_get_default_type hook 2023-08-24 18:43:47 +03:00
tcg tcg: Reduce tcg_assert_listed_vecop() scope 2023-07-01 08:26:54 +02:00
ui virtio-gpu-udmabuf: correct naming of QemuDmaBuf size properties 2023-07-17 15:22:28 +04:00
user *-user: remove the guest_user_syscall tracepoints 2023-06-01 11:03:55 -04:00
elf.h linux-user/elfload: Fix /proc/cpuinfo features: on s390x 2023-07-18 09:36:27 +02:00
glib-compat.h compiler.h: replace QEMU_NORETURN with G_NORETURN 2022-04-21 17:03:51 +04:00
qemu-io.h
qemu-main.h ui/cocoa: Run qemu_init in the main thread 2022-09-23 14:36:33 +02:00