Proxmox-Port/qemu
1
0
Fork 0
mirror of https://github.com/qemu/qemu.git synced 2025-10-24 10:31:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c976437c7d
qemu/hw/gpio
History
Michael S. Tsirkin 52f91c3723 zaurus: fix buffer overrun on invalid state load 
CVE-2013-4540

Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.

Since prev_level comes from wire indirectly, this can
happen on invalid state load.

Similarly for gpio_level and gpio_dir.

To fix, limit to 16 bit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
..
Makefile.objs hw: move GPIO interfaces to hw/gpio/, configure with default-configs/ 2013-04-08 18:13:16 +02:00
max7310.c max7310: QOM'ify 2014-02-14 16:22:32 +01:00
omap_gpio.c hw: cannot_instantiate_with_device_add_yet due to pointer props 2013-12-24 17:27:17 +01:00
pl061.c pl061: QOM'ify pl061 and pl061_luminary 2013-07-29 21:06:46 +02:00
puv3_gpio.c puv3_gpio: QOM cast cleanup 2013-07-29 21:06:57 +02:00
zaurus.c zaurus: fix buffer overrun on invalid state load 2014-05-05 22:15:02 +02:00