qemu-e2k/hw
Gerd Hoffmann 314b1811c1 scsi-disk: fix buffer overflow
In case s->version is shorter than 4 bytes we overflow the memcpy src
buffer.  Fix it by clearing the target buffer, then copy only the
amount of bytes we actually have.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2010-03-17 11:17:05 -05:00
..
ide block: Emit BLOCK_IO_ERROR before vm_stop() call 2010-03-08 11:30:01 -06:00
a9mpcore.c
ac97.c
acpi.c
adb.c
adlib.c
ads7846.c
alpha_palcode.c Large page TLB flush 2010-03-17 02:44:41 +00:00
an5206.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
apb_pci.c apc_pci: simplify using rwhandler 2010-02-22 21:23:11 +00:00
apb_pci.h
apic.c KVM: Rework VCPU state writeback API 2010-03-04 00:29:28 -03:00
arm11mpcore.c
arm_boot.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
arm_gic.c
arm_pic.c
arm_sysctl.c
arm_timer.c
arm-misc.h
armv7m_nvic.c
armv7m.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
audiodev.h
axis_dev88.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
baum.c
baum.h
bitbang_i2c.c
bitbang_i2c.h
blizzard_template.h
blizzard.c
boards.h
bt-hci-csr.c
bt-hci.c
bt-hid.c
bt-l2cap.c
bt-sdp.c
bt.c
bt.h
cbus.c
cdrom.c
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c cirrus: Properly re-register cirrus_linear_io_addr on vram unmap 2010-01-29 09:53:00 -06:00
cris_pic_cpu.c
cs4231.c
cs4231a.c
cuda.c
debugcon.c
dec_pci.c dec: use PCI accessors 2010-02-14 09:01:14 +00:00
dec_pci.h dec: actually implement PCI bridging 2010-02-07 19:28:32 +00:00
device-hotplug.c
devices.h
dma.c
dp8393x.c
ds1225y.c
ds1338.c
dummy_m68k.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
e1000_hw.h
e1000.c
ecc.c
eccmemctl.c
eepro100.c eepro100: address pci todo's, use pci_set_xx 2010-03-15 13:52:05 +02:00
eeprom93xx.c
eeprom93xx.h
elf_ops.h load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
es1370.c
escc.c escc: don't use reserved _t suffix 2010-02-07 08:05:47 +00:00
escc.h
esp.c esp: use CamelCaseFunc for function types 2010-02-07 09:17:35 +00:00
esp.h esp: use CamelCaseFunc for function types 2010-02-07 09:17:35 +00:00
etraxfs_dma.c
etraxfs_dma.h
etraxfs_eth.c
etraxfs_pic.c
etraxfs_ser.c
etraxfs_timer.c
etraxfs.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
etraxfs.h
fdc.c fdc: fix drive property handling. 2010-03-13 12:14:16 +01:00
fdc.h fdc: don't use reserved _t suffix 2010-02-07 09:01:18 +00:00
firmware_abi.h
flash.h
fmopl.c
fmopl.h
framebuffer.c
framebuffer.h
fw_cfg.c spelling typo (compatibilty) in hw/fw_cfg.c 2010-03-14 08:52:55 +00:00
fw_cfg.h fw_cfg: don't use reserved _ prefix 2010-02-07 09:15:26 +00:00
g364fb.c
grackle_pci.c Refactor DEC 21154 PCI bridge 2010-02-05 18:48:36 +00:00
gt64xxx.c Do not use dprintf 2010-02-07 02:03:50 +03:00
gumstix.c
gus.c
gusemu_hal.c
gusemu_mixer.c
gusemu.h
gustate.h
heathrow_pic.c
hpet_emul.h
hpet.c Do not use dprintf 2010-02-07 02:03:50 +03:00
hw.h
i2c.c
i2c.h
i8254.c
i8259.c
ide.h
integratorcp.c
ioapic.c
iommu.c
irq.c
irq.h
isa_mmio.c
isa-bus.c
isa.h
jazz_led.c
lan9118.c
lance.c
lm832x.c
loader.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
loader.h load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
lsi53c895a.c
m48t59.c m48t59: don't use reserved _t suffix 2010-02-07 08:05:03 +00:00
mac_dbdma.c PPC: Get rid of segfaults in DBDMA emulation 2010-02-14 16:10:54 +02:00
mac_dbdma.h
mac_nvram.c
macio.c
mainstone.c
mainstone.h
marvell_88w8618_audio.c
max111x.c
max7310.c
mc146818rtc.c QMP: Introduce RTC_CHANGE event 2010-03-08 11:30:09 -06:00
mcf5206.c
mcf5208.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mcf_fec.c
mcf_intc.c
mcf_uart.c
mcf.h
microblaze_pic_cpu.c
mips_addr.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mips_int.c mips: add header to mips_int.c and mips_timer.c 2010-03-14 23:30:44 +01:00
mips_jazz.c
mips_malta.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mips_mipssim.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mips_r4k.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mips_timer.c mips: add header to mips_int.c and mips_timer.c 2010-03-14 23:30:44 +01:00
mips-bios.h
mips.h load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
mipsnet.c
mpcore.c
msix.c
msix.h
msmouse.c
msmouse.h
mst_fpga.c
multiboot.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
multiboot.h
musicpal.c Musicpal: Fix descriptor walk in eth_send 2010-01-24 16:55:20 +03:00
nand.c
ne2000-isa.c
ne2000.c
ne2000.h
nseries.c
nvram.h m48t59: don't use reserved _t suffix 2010-02-07 08:05:03 +00:00
omap1.c
omap2.c
omap_clk.c
omap_dma.c
omap_dss.c
omap_i2c.c
omap_lcd_template.h
omap_lcdc.c
omap_mmc.c
omap_sx1.c
omap.h
onenand.c
openpic.c
openpic.h
palm.c
parallel.c
pc.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
pc.h Move ioport.h out of cpu-all.h 2010-03-01 03:29:21 +00:00
pci_host.c Update to a hopefully more future proof FSF address 2010-03-07 15:48:43 +00:00
pci_host.h pci_host: rewrite using rwhandler 2010-02-14 16:10:53 +02:00
pci_ids.h PPC: Use Mac99_U3 type on ppc64 2010-02-14 16:10:54 +02:00
pci_regs.h
pci-hotplug.c qemu-option: Move the implied first name into QemuOptsList 2010-03-16 17:45:34 +01:00
pci.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
pci.h adding helper pci functions 2010-03-08 11:30:09 -06:00
pcie_host.c Update to a hopefully more future proof FSF address 2010-03-07 15:48:43 +00:00
pcie_host.h Update to a hopefully more future proof FSF address 2010-03-07 15:48:43 +00:00
pckbd.c
pcmcia.h
pcnet.c pcnet: make subsystem vendor id match hardware 2010-03-15 13:52:06 +02:00
pcnet.h
pcspk.c
petalogix_s3adsp1800_mmu.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
pflash_cfi01.c pflash: Buffer block writes 2010-01-27 13:01:53 +01:00
pflash_cfi02.c
piix4.c
piix_pci.c
pixel_ops.h
pl011.c
pl022.c
pl031.c
pl050.c
pl061.c
pl080.c
pl110_template.h
pl110.c
pl181.c Fix arm-softmmu compile 2010-02-22 20:42:51 +00:00
pl190.c
poison.h
ppc4xx_devs.c
ppc4xx_pci.c
ppc4xx.h
ppc405_boards.c
ppc405_uc.c
ppc405.h
ppc440_bamboo.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
ppc440.c
ppc440.h
ppc_mac.h PPC: Use Mac99_U3 type on ppc64 2010-02-14 16:10:54 +02:00
ppc_newworld.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
ppc_oldworld.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
ppc_prep.c m48t59: don't use reserved _t suffix 2010-02-07 08:05:03 +00:00
ppc.c
ppc.h PPC: tell the guest about the time base frequency 2010-02-14 16:10:54 +02:00
ppce500_mpc8544ds.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
ppce500_pci.c
ppce500.h
prep_pci.c
prep_pci.h
primecell.h
ps2.c kbd leds: ps/2 kbd 2010-03-09 08:47:20 -06:00
ps2.h
ptimer.c
pxa2xx_dma.c
pxa2xx_gpio.c
pxa2xx_keypad.c
pxa2xx_lcd.c
pxa2xx_mmci.c
pxa2xx_pcmcia.c
pxa2xx_pic.c
pxa2xx_template.h
pxa2xx_timer.c
pxa2xx.c
pxa.h
qdev-addr.c
qdev-addr.h
qdev-properties.c qdev: convert setting device properties to QError 2010-03-16 17:45:26 +01:00
qdev.c monitor: convert do_device_add() to QObject 2010-03-16 17:45:35 +01:00
qdev.h monitor: convert do_device_add() to QObject 2010-03-16 17:45:35 +01:00
r2d.c SH4/R2D: fix poweroff 2010-02-08 12:21:03 +01:00
rc4030.c
realview_gic.c
realview.c
rtl8139.c rewrote timer implementation for rtl8139. 2010-02-23 13:23:29 -06:00
s390-virtio-bus.c s390-virtio: Fix compile error for virtio-block init 2010-03-06 22:55:18 +01:00
s390-virtio-bus.h block: add topology qdev properties 2010-02-10 16:53:25 -06:00
s390-virtio.c KVM: Rework VCPU state writeback API 2010-03-04 00:29:28 -03:00
sb16.c
sbi.c
scsi-bus.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
scsi-defs.h Update to a hopefully more future proof FSF address 2010-03-07 15:48:43 +00:00
scsi-disk.c scsi-disk: fix buffer overflow 2010-03-17 11:17:05 -05:00
scsi-generic.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
scsi.h block: add topology qdev properties 2010-02-10 16:53:25 -06:00
sd.c
sd.h
serial.c hw/serial.c: fix THRE interrupt clearing 2010-03-06 22:28:07 +01:00
sh7750_regnames.c
sh7750_regnames.h
sh7750_regs.h
sh7750.c sh7750: handle MMUCR TI bit 2010-02-09 21:07:03 +01:00
sh_intc.c
sh_intc.h
sh_pci.c
sh_pci.h
sh_serial.c
sh_timer.c
sh.h
sharpsl.h
shix.c
slavio_intctl.c
slavio_misc.c
slavio_timer.c Sparc32: fix free-run timer 2010-01-24 14:28:21 +00:00
sm501_template.h
sm501.c
smbios.c
smbios.h
smbus_eeprom.c
smbus.c
smbus.h
smc91c111.c
soc_dma.c
soc_dma.h
sparc32_dma.c sparc32 fix spurious dma interrupts v2 2010-02-15 17:49:15 +00:00
sparc32_dma.h
spitz.c
ssd0303.c
ssd0323.c
ssi-sd.c
ssi.c
ssi.h
stellaris_enet.c
stellaris_input.c
stellaris.c
sun4c_intctl.c
sun4m.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
sun4m.h
sun4u.c load_elf: replace the address addend by a translation function 2010-03-16 08:38:05 +01:00
syborg_fb.c
syborg_interrupt.c
syborg_keyboard.c
syborg_pointer.c
syborg_rtc.c
syborg_serial.c
syborg_timer.c
syborg_virtio.c
syborg.c
syborg.h
sysbus.c
sysbus.h
tc6393xb_template.h
tc6393xb.c
tc58128.c
tcx.c
tmp105.c
tosa.c
tsc210x.c
tsc2005.c
tusb6010.c
twl92230.c
unin_pci.c PPC: Make interrupts work 2010-02-14 16:10:54 +02:00
usb-bt.c
usb-bus.c Avoid crash on '-usbdevice <device>' without parameters 2010-03-17 10:42:12 -05:00
usb-hid.c kbd leds: usb kbd 2010-03-09 08:47:20 -06:00
usb-hub.c
usb-msd.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
usb-musb.c
usb-net.c qemu-option: Move the implied first name into QemuOptsList 2010-03-16 17:45:34 +01:00
usb-ohci.c Do not use dprintf 2010-02-07 02:03:50 +03:00
usb-ohci.h
usb-serial.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
usb-uhci.c audio streaming from usb devices 2010-02-10 12:45:11 -06:00
usb-uhci.h
usb-wacom.c
usb.c
usb.h
versatile_pci.c versatile_pci: cleanup 2010-02-14 16:10:54 +02:00
versatilepb.c
vga_int.h
vga_template.h
vga-isa-mm.c
vga-isa.c
vga-pci.c
vga.c
virtio-balloon.c balloon: Do not save VM state wrt asynchronous virtio operations 2010-03-17 10:42:40 -05:00
virtio-balloon.h virtio: Add memory statistics reporting to the balloon driver 2010-01-26 17:08:03 -06:00
virtio-blk.c block: add logical_block_size property 2010-03-17 10:42:27 -05:00
virtio-blk.h block: add logical_block_size property 2010-03-17 10:42:27 -05:00
virtio-console.c virtio-console: Rename virtio-serial.c back to virtio-console.c 2010-01-26 15:42:02 -06:00
virtio-net.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
virtio-net.h
virtio-pci.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
virtio-serial-bus.c error: Replace qemu_error() by error_report() 2010-03-16 16:58:32 +01:00
virtio-serial.h
virtio.c
virtio.h block: add topology qdev properties 2010-02-10 16:53:25 -06:00
vmmouse.c
vmport.c KVM: Make vmport KVM-compatible 2010-02-03 19:47:34 -02:00
vmware_vga.c
vmware_vga.h
watchdog.c QMP: Introduce WATCHDOG event 2010-03-09 08:47:27 -06:00
watchdog.h
wdt_i6300esb.c
wdt_ib700.c
wm8750.c
xen_backend.c
xen_backend.h
xen_blkif.h
xen_common.h
xen_console.c
xen_devconfig.c
xen_disk.c
xen_domainbuild.c check pipe() return value 2010-01-26 14:59:20 -06:00
xen_domainbuild.h
xen_machine_pv.c
xen_nic.c
xen.h
xenfb.c disentangle tcg and deadline calculation 2010-03-17 11:14:54 -05:00
xilinx_ethlite.c
xilinx_intc.c
xilinx_timer.c
xilinx_uartlite.c
xilinx.h
zaurus.c