QEMU-Nyx-fork/hw at 5193be3be35f29a35bc465036cd64ad60d43385f - QEMU-Nyx-fork - Gitea: Git Fakultät Informatik TU Dortmund

david.venhoff/QEMU-Nyx-fork

History

Michael S. Tsirkin 5193be3be3 tsc210x: fix buffer overrun on invalid state load

CVE-2013-4539

s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.

Validate after load to avoid buffer overrun.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>

2014-05-05 22:15:02 +02:00

..

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

acpi: Assert sts array limit on AcpiCpuHotplug_add()

2014-03-18 16:08:43 +02:00

exec: Make stq_*_phys input an AddressSpace

2014-02-11 22:57:12 +10:00

pxa2xx: avoid buffer overrun on incoming migration

2014-05-05 22:15:02 +02:00

hda-audio: fix non-mixer codecs

2014-04-29 10:46:29 +02:00

block: Add errp to bdrv_new()

2014-04-22 12:00:20 +02:00

Preparation for usb-bt-dongle conditional build

2013-09-10 11:14:41 +02:00

char/serial: Fix emptyness handling

2014-04-07 14:51:32 +01:00

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

icc_bus: QOM'ify ICC

2013-12-24 18:02:18 +01:00

cris: Remove the CRIS PIC glue

2014-02-03 14:04:00 +00:00

ssd0323: fix buffer overun on invalid state load

2014-05-05 22:15:02 +02:00

qom: Add check() argument to object_property_add_link()

2014-03-19 22:23:13 +01:00

max7310: QOM'ify

2014-02-14 16:22:32 +01:00

Fix grammar in comment

2014-04-18 10:33:36 +04:00

misc: Use cpu_physical_memory_read and cpu_physical_memory_write

2014-04-27 13:04:18 +04:00

ahci: fix buffer overrun on invalid state load

2014-05-05 22:15:02 +02:00

tsc210x: fix buffer overrun on invalid state load

2014-05-05 22:15:02 +02:00

target-arm queue:

2014-05-02 11:32:00 +01:00

ipack: Move IndustryPack out of hw/char/

2014-02-14 21:11:53 +01:00

QOM infrastructure fixes and device conversions

2014-02-20 13:05:48 +00:00

hw/lm32: print error if cpu model is not found

2014-02-04 19:47:39 +01:00

an5206: Don't enforce use of kernel for qtest

2013-11-05 17:47:29 +01:00

xilinx: Delete hw/include/xilinx.h

2014-02-26 14:54:45 +10:00

i2c: Rename i2c_bus to I2CBus

2014-02-14 16:22:31 +01:00

qerror.h: Remove QERR defines that are only used once

2014-04-25 09:19:59 -04:00

moxie: fix load_elf() usage

2014-03-05 03:06:46 +01:00

virtio-net: out-of-bounds buffer write on invalid state load

2014-05-05 14:15:10 +02:00

vl.c: Extend get_boot_devices_list() to ignore suffixes

2014-03-20 02:40:07 +01:00

openrisc-timer: Reduce overhead, Separate clock update functions

2013-11-20 21:46:45 +08:00

hw/pci/pcie_aer.c: fix buffer overruns on invalid state load

2014-05-05 22:15:02 +02:00

pci/shpc: convert SHPC hotplug to use hotplug-handler API

2014-02-10 10:27:00 +02:00

hw/pci-host/prep: Don't reverse IO accesses on bigendian hosts

2014-04-08 18:37:45 +01:00

qom: Add check() argument to object_property_add_link()

2014-03-19 22:23:13 +01:00

ppce500_spin: Initialize struct properly

2014-04-08 11:20:05 +02:00

qom: Add check() argument to object_property_add_link()

2014-03-19 22:23:13 +01:00

scsi-bus: remove bogus assertion

2014-04-02 13:24:23 +02:00

ssi: Convert legacy SSI_SLAVE -> DEVICE casts

2014-03-12 20:13:02 +01:00

cputlb: Change tlb_flush() argument to CPUState

2014-03-13 19:52:47 +01:00

sun4m: Add Sun CG3 framebuffer initialisation function

2014-02-27 10:01:41 +00:00

pc,pci,virtio fixes and cleanups

2013-09-03 12:31:07 -05:00

pl022: fix buffer overun on invalid state load

2014-05-05 22:15:02 +02:00

hpet: fix buffer overrun on invalid state load

2014-05-05 22:15:02 +02:00

aio / timers: Untangle include files

2013-08-22 19:10:27 +02:00

console: add head to index to qemu consoles.

2014-03-05 09:52:04 +01:00

usb: mtp filesharing

2014-04-23 10:28:14 +02:00

virtio: validate num_sg when mapping

2014-05-05 22:15:02 +02:00

qemu-option: Remove qemu_opts_create_nofail

2014-01-06 15:02:30 -05:00

Call pci_piix3_xen_ide_unplug from unplug_disks

2014-02-20 17:28:08 +00:00

hw/xtensa: add support for ML605 and KC705 FPGA board

2014-02-24 04:47:01 +04:00

Makefile.objs

hw/9pfs: Include virtio-9p-device.o in build

2014-03-04 09:20:49 +05:30