363ba1c72f
Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem server on the host sends invalid values. Cc: Cam Macdonell <cam@cs.ualberta.ca> Reported-by: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> [AF: Tighten upper bound check for posn in close_guest_eventfds()] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber <afaerber@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
||
|---|---|---|
| .. | ||
| macio | ||
| a9scu.c | ||
| applesmc.c | ||
| arm11scu.c | ||
| arm_integrator_debug.c | ||
| arm_l2x0.c | ||
| arm_sysctl.c | ||
| cbus.c | ||
| debugexit.c | ||
| eccmemctl.c | ||
| exynos4210_pmu.c | ||
| imx_ccm.c | ||
| ivshmem.c | ||
| Makefile.objs | ||
| max111x.c | ||
| milkymist-hpdmc.c | ||
| milkymist-pfpu.c | ||
| mst_fpga.c | ||
| omap_clk.c | ||
| omap_gpmc.c | ||
| omap_l4.c | ||
| omap_sdrc.c | ||
| omap_tap.c | ||
| pc-testdev.c | ||
| pci-testdev.c | ||
| puv3_pm.c | ||
| pvpanic.c | ||
| sga.c | ||
| slavio_misc.c | ||
| tmp105.c | ||
| tmp105.h | ||
| vfio.c | ||
| vmport.c | ||
| zynq_slcr.c | ||