OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
a6b3167fa0
qemu-e2k/hw
History
Prasad J Pandit b60bdd1f1e scsi: megasas: check 'read_queue_head' index value 
While doing MegaRAID SAS controller command frame lookup, routine
'megasas_lookup_frame' uses 'read_queue_head' value as an index
into 'frames[MEGASAS_MAX_FRAMES=2048]' array. Limit its value
within array bounds to avoid any OOB access.

Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <1464179110-18593-1-git-send-email-ppandit@redhat.com>
Reviewed-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-05-29 09:11:11 +02:00
..
9pfs 9p: drop unused declaration from coth.h 2016-05-18 15:04:27 +03:00
acpi acpi: do not use TARGET_PAGE_SIZE 2016-05-19 16:42:28 +02:00
alpha alpha: include cpu-qom.h in files that require AlphaCPU 2016-05-19 16:42:27 +02:00
arm machine: add properties to compat_props incrementaly 2016-05-20 14:28:54 -03:00
audio hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
block dma-helpers: change interface to byte-based 2016-05-25 19:04:11 +02:00
bt qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00
char hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
core qdev: Start disentangling bus from device 2016-05-26 14:06:41 +01:00
cpu explicitly include qom/cpu.h 2016-05-19 16:42:27 +02:00
cris hw/char: QOM'ify etraxfs_ser.c 2016-05-29 09:11:10 +02:00
display vga: add sr_vbe register set 2016-05-23 14:28:25 +02:00
dma hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
gpio hw: clean up hw/hw.h includes 2016-05-19 16:42:30 +02:00
i2c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
i386 pc: Set CPU model-id on compat_props for pc <= 2.4 2016-05-23 13:19:36 -03:00
ide dma-helpers: change BlockBackend to opaque value in DMAIOFunc 2016-05-25 19:04:11 +02:00
input hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
intc ioapic: clear remote irr bit for edge-triggered interrupts 2016-05-23 16:53:43 +02:00
ipack ipack: Update e-mail address 2016-05-18 15:04:27 +03:00
ipmi include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
isa explicitly include qom/cpu.h 2016-05-19 16:42:27 +02:00
lm32 hw/char: QOM'ify milkymist-uart.c 2016-05-29 09:11:10 +02:00
m68k hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
mem include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
microblaze util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
mips mips: use MIPSCPU instead of CPUMIPSState 2016-05-19 16:42:27 +02:00
misc cpu: move exec-all.h inclusion out of cpu.h 2016-05-19 16:42:29 +02:00
moxie hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
net hw/net/spapr_llan: Provide counter with dropped rx frames to the guest 2016-05-27 09:40:23 +10:00
nvram vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
openrisc hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
pci Fix some typos found by codespell 2016-05-18 15:04:27 +03:00
pci-bridge hw/pci-bridge: Add missing unref in case register-bus fails 2016-04-07 19:57:33 +03:00
pci-host hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc spapr_iommu: Move table allocation to helpers 2016-05-27 09:40:23 +10:00
s390x s390: use FILE instead of QEMUFile for creating text file 2016-05-26 11:31:05 +05:30
scsi scsi: megasas: check 'read_queue_head' index value 2016-05-29 09:11:11 +02:00
sd hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
sh4 cpu: move exec-all.h inclusion out of cpu.h 2016-05-19 16:42:29 +02:00
smbios include/qemu/osdep.h: Don't include qapi/error.h 2016-03-22 22:20:15 +01:00
sparc vl: Replace DT_NOGRAPHIC with machine option 2016-05-20 14:28:54 -03:00
sparc64 util: move declarations out of qemu-common.h 2016-03-22 22:20:17 +01:00
ssi hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
timer aspeed: include qemu/log.h 2016-05-20 13:09:22 +01:00
tpm tpm: Fix write to file descriptor function 2016-04-13 19:52:34 +03:00
tricore hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
unicore32 hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
usb usb/ohci: Fix crash with when specifying too many num-ports 2016-05-23 14:59:40 +02:00
vfio vfio: Check that IOMMU MR translates to system address space 2016-05-26 11:12:09 -06:00
virtio qapi: Split visit_end_struct() into pieces 2016-05-12 09:47:55 +02:00
watchdog nmi: remove x86 specific nmi handling 2016-05-23 16:53:46 +02:00
xen xen: write information about supported backends 2016-05-23 13:30:03 +02:00
xenpv xen: add pvUSB backend 2016-05-23 13:30:03 +02:00
xtensa qemu-common: push cpu.h inclusion out of qemu-common.h 2016-05-19 16:42:29 +02:00
Makefile.objs Add a base IPMI interface 2015-12-22 18:39:19 +02:00