aboutsummaryrefslogtreecommitdiff
path: root/ioport.c
diff options
context:
space:
mode:
authorPetr Matousek <pmatouse@redhat.com>2015-06-17 12:46:11 +0200
committerPaolo Bonzini <pbonzini@redhat.com>2015-06-17 16:03:47 +0200
commitd4862a87e31a51de9eb260f25c9e99a75efe3235 (patch)
tree94c601e5faf63509c6d9f43f98db955566d9033b /ioport.c
parent9dacf32d2cbd66cbcce7944ebdfd6b2df20e33b8 (diff)
downloadqemu-d4862a87e31a51de9eb260f25c9e99a75efe3235.zip
qemu-d4862a87e31a51de9eb260f25c9e99a75efe3235.tar.gz
qemu-d4862a87e31a51de9eb260f25c9e99a75efe3235.tar.bz2
i8254: fix out-of-bounds memory access in pit_ioport_read()
Due converting PIO to the new memory read/write api we no longer provide separate I/O region lenghts for read and write operations. As a result, reading from PIT Mode/Command register will end with accessing pit->channels with invalid index. Fix this by ignoring read from the Mode/Command register. This is CVE-2015-3214. Reported-by: Matt Tait <matttait@google.com> Fixes: 0505bcdec8228d8de39ab1a02644e71999e7c052 Cc: qemu-stable@nongnu.org Signed-off-by: Petr Matousek <pmatouse@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'ioport.c')
0 files changed, 0 insertions, 0 deletions