qemu-e2k/hw/sd
Michael S. Tsirkin a9c380db3b ssi-sd: fix buffer overrun on invalid state load
CVE-2013-4537

s->arglen is taken from wire and used as idx
in ssi_sd_transfer().

Validate it before access.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:03 +02:00
..
Makefile.objs
milkymist-memcard.c blockdev: Remove IF_* check for read-only blockdev_init 2013-10-11 16:50:01 +02:00
omap_mmc.c blockdev: Remove IF_* check for read-only blockdev_init 2013-10-11 16:50:01 +02:00
pl181.c sysbus: Set cannot_instantiate_with_device_add_yet 2013-12-23 00:27:22 +01:00
pxa2xx_mmci.c blockdev: Remove IF_* check for read-only blockdev_init 2013-10-11 16:50:01 +02:00
sd.c sd: Avoid access to NULL BlockDriverState 2013-10-17 10:15:18 +02:00
sdhci.c QOM infrastructure fixes and device conversions 2014-02-20 13:05:48 +00:00
sdhci.h
ssi-sd.c ssi-sd: fix buffer overrun on invalid state load 2014-05-05 22:15:03 +02:00