riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Jonathan Cameron <Jonathan.Cameron@huawei.com>	2024-11-01 13:39:10 +0000
committer	Michael S. Tsirkin <mst@redhat.com>	2024-11-04 16:03:25 -0500
commit	f4a12ba66bebfe200d7f56015c1cd5af321ab152 (patch)
tree	120f00aa699323e08b7642f9740fb941752b5c33 /hw/char/serial-pci.c
parent	91a743bd021a262af61c79cc35f0b634b2fcf3ad (diff)
download	qemu-f4a12ba66bebfe200d7f56015c1cd5af321ab152.zip qemu-f4a12ba66bebfe200d7f56015c1cd5af321ab152.tar.gz qemu-f4a12ba66bebfe200d7f56015c1cd5af321ab152.tar.bz2

hw/cxl: Check input length is large enough in cmd_events_clear_records()

Buggy software might write a message that is too short for either the header, or the header + the event data that is specified in the header. This may result in accesses beyond the range of the message allocated as a duplicate of the incoming message buffer. Reported-by: Esifiel <esifiel@gmail.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20241101133917.27634-4-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Diffstat (limited to 'hw/char/serial-pci.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: