qemu-e2k/hw/bt
Paolo Bonzini 141af038dd bt: rewrite csrhci_write to avoid out-of-bounds writes
The usage of INT_MAX in this function confuses Coverity.  I think
the defect is bogus, however there is no protection against
getting more than sizeof(s->inpkt) bytes from the character device
backend.

Rewrite the function to only fill in as much data as needed from
buf into s->inpkt.  The plen variable is replaced by a simple
state machine and there is no need anymore to shift contents to
the beginning of s->inpkt.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-29 09:11:11 +02:00
..
core.c
hci-csr.c bt: rewrite csrhci_write to avoid out-of-bounds writes 2016-05-29 09:11:11 +02:00
hci.c util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
hid.c
l2cap.c qemu-common: stop including qemu/bswap.h from qemu-common.h 2016-05-19 16:42:28 +02:00
Makefile.objs
sdp.c qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00