vmstate: fix buffer overflow in target-arm/machine.c - focaccia-qemu - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Michael S. Tsirkin <mst@redhat.com>	2014-04-03 19:51:42 +0300
committer	Juan Quintela <quintela@redhat.com>	2014-05-05 22:15:02 +0200
commit	d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62 (patch)
tree	2804cfea3f62670d6be57eb102ad929f0a843581 /scripts/qapi-commands.py
parent	d8d0a0bc7e194300e53a346d25fe5724fd588387 (diff)
download	focaccia-qemu-d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62.tar.gz focaccia-qemu-d2ef4b61fe6d33d2a5dcf100a9b9440de341ad62.zip

vmstate: fix buffer overflow in target-arm/machine.c

CVE-2013-4531

cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
cpreg_vmstate_array_len will cause a buffer overflow.

VMSTATE_INT32_LE was supposed to protect against this
but doesn't because it doesn't validate that input is
non-negative.

Fix this macro to valide the value appropriately.

The only other user of VMSTATE_INT32_LE doesn't
ever use negative numbers so it doesn't care.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

Diffstat (limited to 'scripts/qapi-commands.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: