riscv-gnu-toolchain/qemu.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Petr Matousek <pmatouse@redhat.com>	2015-05-06 09:48:59 +0200
committer	John Snow <jsnow@redhat.com>	2015-05-12 18:52:57 -0400
commit	e907746266721f305d67bc0718795fedee2e824c (patch)
tree	5edfc55d07eb0db82922d1a512336e70f2bc1098 /target-moxie
parent	968bb75c348a401b85e08d5eb1887a3e6c3185f5 (diff)
download	qemu-e907746266721f305d67bc0718795fedee2e824c.zip qemu-e907746266721f305d67bc0718795fedee2e824c.tar.gz qemu-e907746266721f305d67bc0718795fedee2e824c.tar.bz2

fdc: force the fifo access to be in bounds of the allocated buffer

During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. Signed-off-by: Petr Matousek <pmatouse@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>

Diffstat (limited to 'target-moxie')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: