qemu-e2k/timer at 36cf2a37132c7f01fa9adb5f95f5312b27742fd4 - qemu-e2k - Expired Mentality Git

OpenE2K/qemu-e2k

History

Michael S. Tsirkin 3f1c49e213 hpet: fix buffer overrun on invalid state load

CVE-2013-4527 hw/timer/hpet.c buffer overrun

hpet is a VARRAY with a uint8 size but static array of 32

To fix, make sure num_timers is valid using VMSTATE_VALID hook.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:02 +02:00

..

a9gtimer.c

hw/timer: Introduce ARM A9 Global Timer.

2013-12-10 13:24:51 +00:00

allwinner-a10-pit.c

allwinner-a10-pit: implement prescaler and source selection

2014-04-17 21:34:06 +01:00

arm_mptimer.c

sysbus: Set cannot_instantiate_with_device_add_yet

2013-12-23 00:27:22 +01:00

arm_timer.c

hw/timer/arm_timer: Avoid array overrun for bad addresses

2014-02-26 17:19:58 +00:00

cadence_ttc.c

timer: cadence_ttc: Fix match register write logic

2014-04-17 21:34:06 +01:00

digic-timer.c

hw/arm/digic: add timer support

2013-12-17 20:12:51 +00:00

ds1338.c

ds1338: QOM'ify

2014-02-14 16:22:32 +01:00

etraxfs_timer.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

exynos4210_mct.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

exynos4210_pwm.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

exynos4210_rtc.c

misc: Fix some typos in names and comments

2013-09-01 18:59:24 +04:00

grlib_gptimer.c

hw/timer/grlib_gptimer: remove unnecessary assignment

2014-03-27 19:22:49 +04:00

hpet.c

hpet: fix buffer overrun on invalid state load

2014-05-05 22:15:02 +02:00

i8254_common.c

isa: Clean up use of cannot_instantiate_with_device_add_yet

2013-12-23 00:27:23 +01:00

i8254.c

qdev: Remove hex8/32/64 property types

2014-02-14 21:12:04 +01:00

imx_epit.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

imx_gpt.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

lm32_timer.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

m48t59.c

qdev: Remove hex8/32/64 property types

2014-02-14 21:12:04 +01:00

Makefile.objs

hw/timer: add allwinner a10 timer

2013-12-17 20:12:51 +00:00

mc146818rtc.c

qdev: Add enum property types to QAPI schema

2014-02-14 21:12:05 +01:00

milkymist-sysctl.c

milkymist-sysctl: QOM cast cleanup

2013-07-29 21:07:01 +02:00

omap_gptimer.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

omap_synctimer.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

pl031.c

sysbus: Set cannot_instantiate_with_device_add_yet

2013-12-23 00:27:22 +01:00

puv3_ost.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

pxa2xx_timer.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

sh_timer.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

slavio_timer.c

sun4m: fix slavio timer RUN/STOP bit

2014-02-27 10:01:41 +00:00

tusb6010.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

twl92230.c

twl92230: QOM'ify

2014-02-14 16:22:32 +01:00

xilinx_timer.c

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00