aboutsummaryrefslogtreecommitdiff
path: root/hw/s390x
diff options
context:
space:
mode:
authorPaolo Bonzini <pbonzini@redhat.com>2016-05-20 10:35:15 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2016-05-29 09:11:11 +0200
commit141af038dd1e73ed32e473046adeb822537c1152 (patch)
treee2ab07fa8796e16b4188f0eca5a29b1acf6d05c4 /hw/s390x
parenta6b3167fa0e825aebb5a7cd8b437b6d41584a196 (diff)
downloadqemu-141af038dd1e73ed32e473046adeb822537c1152.zip
qemu-141af038dd1e73ed32e473046adeb822537c1152.tar.gz
qemu-141af038dd1e73ed32e473046adeb822537c1152.tar.bz2
bt: rewrite csrhci_write to avoid out-of-bounds writes
The usage of INT_MAX in this function confuses Coverity. I think the defect is bogus, however there is no protection against getting more than sizeof(s->inpkt) bytes from the character device backend. Rewrite the function to only fill in as much data as needed from buf into s->inpkt. The plen variable is replaced by a simple state machine and there is no need anymore to shift contents to the beginning of s->inpkt. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'hw/s390x')
0 files changed, 0 insertions, 0 deletions