riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Michael S. Tsirkin <mst@redhat.com>	2014-04-03 19:52:09 +0300
committer	Juan Quintela <quintela@redhat.com>	2014-05-05 22:15:02 +0200
commit	5193be3be35f29a35bc465036cd64ad60d43385f (patch)
tree	953551d2084760ed33b61ffa6b306d2dc214c172 /hw/gpio/zaurus.c
parent	ead7a57df37d2187813a121308213f41591bd811 (diff)
download	qemu-5193be3be35f29a35bc465036cd64ad60d43385f.zip qemu-5193be3be35f29a35bc465036cd64ad60d43385f.tar.gz qemu-5193be3be35f29a35bc465036cd64ad60d43385f.tar.bz2

tsc210x: fix buffer overrun on invalid state load

CVE-2013-4539 s->precision, nextprecision, function and nextfunction come from wire and are used as idx into resolution[] in TSC_CUT_RESOLUTION. Validate after load to avoid buffer overrun. Cc: Andreas Färber <afaerber@suse.de> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>

Diffstat (limited to 'hw/gpio/zaurus.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: