I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
Add a dummy serial to receive the output from STI console (OMAP
debugging/emulation interface).
Add some more OMAP UART dummy registers.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4331 c046a42c-6fe2-441c-8c8c-71466251a162
In floppy controller, transfer data len is not correctly calculated.
We should read up to the last sector specified by the caller, and not up to
the last sector of the floppy.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4294 c046a42c-6fe2-441c-8c8c-71466251a162
In floppy controller, programming PIO writes which are more than one sector
long leads to a buffer overflow of the fdtrl->fifo[] array.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4293 c046a42c-6fe2-441c-8c8c-71466251a162
- Replaces bootsel field by the whole tdr register. It may be easier if we want to later add support for tapes.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4288 c046a42c-6fe2-441c-8c8c-71466251a162
- Removes useless fields in fdrive_t structure.
- Adds a message when bdrv_read/bdrv_write calls fail.
- Rename int_status to status0.
- Replace some constants by value names.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4287 c046a42c-6fe2-441c-8c8c-71466251a162
- Stores controller state in MSR register instead of internal state field. This simplifies the fdctrl_read_main_status() function, which may be called in some tight loops.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4286 c046a42c-6fe2-441c-8c8c-71466251a162
- Better handling of DOR register. DOR register drives external motors, but it not limited to existing drives.
- Use FD_DOR_nRESET flag instead of internal FD_CTRL_RESET flag.
- Support writing to DOR register even in reset mode (as said in specification)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4285 c046a42c-6fe2-441c-8c8c-71466251a162
- Handles correctly FD_MSR_NONDMA/FD_DOR_NONDMA flags, and uses them when possible. Fixes a problem with SPECIFY command.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4284 c046a42c-6fe2-441c-8c8c-71466251a162
- Fixes status A and status B registers. It removes one Sun4m mutation. Also removes the internal FD_CTRL_INTR flag.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4283 c046a42c-6fe2-441c-8c8c-71466251a162
- Extract seeking to next sector handling in a function. Add a sector seek in PIO read and write modes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4282 c046a42c-6fe2-441c-8c8c-71466251a162
- Adds a command lookup table, as suggested by Fabrice at http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00143.html
- This also moves initialization functions at the bottom of the file to prevent multiple forward declarations.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4281 c046a42c-6fe2-441c-8c8c-71466251a162