OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
e58ccf0396
qemu-e2k/hw
History
Prasad J Pandit e58ccf0396 lsi53c895a: check message length value is valid 
While writing a message in 'lsi_do_msgin', message length value
in 'msg_len' could be invalid due to an invalid migration stream.
Add an assertion to avoid an out of bounds access, and reject
the incoming migration data if it contains an invalid message
length.

Discovered by Deja vu Security. Reported by Oracle.

Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-Id: <20181026194314.18663-1-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2018-11-06 21:35:05 +01:00
..
9pfs fsdev: Clean up error reporting in qemu_fsdev_add() 2018-10-19 14:51:34 +02:00
acpi pci, pc, virtio: fixes, features 2018-09-24 18:49:11 +01:00
adc
alpha hw/alpha/typhoon: Remove unuseful code 2018-10-24 06:44:59 -03:00
arm hw/arm: versal: Add a virtual Xilinx Versal board 2018-11-02 14:11:31 +00:00
audio audio: use TYPE_MV88W8618_AUDIO instead of hardcoded string 2018-10-29 13:50:15 +01:00
block block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
bt
char hw/char: Implement nRF51 SoC UART 2018-11-02 14:03:33 +00:00
core Machine queue, 2018-10-25 2018-10-25 20:17:12 +01:00
cpu hw/cpu/a15mpcore: If CPU has EL2, enable it on the GIC and wire it up 2018-08-24 13:17:34 +01:00
cris hw/cris: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
display vga: two fixes. 2018-10-29 12:59:15 +00:00
dma hw/dma/pl080: Remove hw_error() if DMA is enabled 2018-08-20 11:24:33 +01:00
gpio hw/i2c: Use DeviceClass::realize instead of I2CSlaveClass::init 2018-06-01 15:14:31 +02:00
hppa hw/hppa/dino: Remove unuseful code 2018-10-24 06:44:59 -03:00
hyperv hyperv_testdev: add SynIC message and event testmodes 2018-10-19 13:44:14 +02:00
i2c i2c: switch ddc to use the new edid generator 2018-10-15 09:57:33 +02:00
i386 pc-dimm: pass PCDIMMDevice to pc_dimm_.*plug 2018-10-24 06:44:59 -03:00
ide replay: replay BH for IDE trim operation 2018-10-02 19:09:13 +02:00
input ps2: prevent changing irq state on save and load 2018-10-02 18:47:55 +02:00
intc target/arm: Move some system registers into a substructure 2018-10-24 07:50:16 +01:00
ipack hw/ipack: Use the IEC binary prefix definitions 2018-07-02 15:41:12 +02:00
ipmi ipmi: Use proper struct reference for BT vmstate 2018-08-23 18:46:25 +02:00
isa configs: Add a CONFIG_SMC37C669 switch for the "smc37c669-superio" device 2018-10-24 07:33:44 +01:00
lm32 hw/lm32: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
m68k hw/m68k: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
mem nvdimm: set non-volatile on the memory region 2018-11-06 21:35:05 +01:00
microblaze hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' 2018-07-23 15:21:25 +01:00
mips hw/mips/malta: Remove unuseful code 2018-10-24 06:44:59 -03:00
misc ivshmem: fix memory backend leak 2018-11-06 21:35:05 +01:00
moxie change get_image_size return type to int64_t 2018-10-02 19:08:49 +02:00
net QEMU trivial patches collected between June and October 2018 2018-10-30 15:49:55 +00:00
nios2 hw/nios2: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
nvram ppc: move at24c to its own CONFIG_ symbol 2018-10-30 09:12:09 +01:00
openrisc Change references to serial_hds[] to serial_hd() 2018-04-26 13:57:00 +01:00
pci qmp, hmp: make subsystem/system-vendor identities optional 2018-10-11 19:58:26 +01:00
pci-bridge hw/pci: add PCI resource reserve capability to legacy PCI bridge 2018-09-07 17:05:18 -04:00
pci-host i386: clarify that the Q35 machine type implements a P35 chipset 2018-11-06 21:35:05 +01:00
pcmcia
ppc memory-device: add and use memory_device_get_region_size() 2018-10-24 06:44:59 -03:00
rdma config: split PVRDMA from RDMA 2018-08-18 18:01:34 +03:00
riscv RISC-V: Don't add NULL bootargs to device-tree 2018-10-17 13:02:30 -07:00
s390x hw/s390x: Include the tod-qemu also for builds with --disable-tcg 2018-10-12 11:32:19 +02:00
scsi lsi53c895a: check message length value is valid 2018-11-06 21:35:05 +01:00
sd ssi-sd: Make devices picking up backends unavailable with -device 2018-10-24 07:50:16 +01:00
sh4 hw/sh4/sh_pci: Use DeviceState::realize rather than SysBusDevice::init 2018-10-24 06:44:59 -03:00
smbios smbios: Clean up error handling in smbios_add() 2018-10-19 14:51:34 +02:00
sparc sun4m: don't use legacy fw_cfg_init_mem() function 2018-08-20 19:18:31 +01:00
sparc64 hw/sparc64/niagara: Model the I/O Bridge with the 'unimplemented_device' 2018-10-24 06:44:59 -03:00
ssi hw/ssi/xilinx_spi: Use DeviceState::realize rather than SysBusDevice::init 2018-10-24 06:44:59 -03:00
timer hw/timer/sun4v-rtc: Use DeviceState::realize rather than SysBusDevice::init 2018-10-24 06:44:59 -03:00
tpm tpm: Zero-init structure to avoid uninitialized variables in valgrind log 2018-10-30 17:34:22 -04:00
tricore hw/tricore: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
unicore32
usb usb: fixes for ohci and smart card emulation. 2018-10-30 13:32:38 +00:00
vfio s390x/vfio-ap: report correct error 2018-11-05 09:55:01 +01:00
virtio Error reporting patches for 2018-10-22 2018-10-23 17:20:23 +01:00
watchdog qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
xen xen: Use the PCI_DEVICE macro 2018-10-26 17:17:32 +02:00
xenpv hw/xen: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00
xtensa hw/xtensa: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
Makefile.objs memory-device: introduce separate config option 2018-10-24 06:44:59 -03:00