]> Git Repo - qemu.git/commit - vmstate.c
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d8d0a0b) | patch
vmstate: fix buffer overflow in target-arm/machine.c
authorMichael S. Tsirkin <[email protected]>
Thu, 3 Apr 2014 16:51:42 +0000 (19:51 +0300)
committerJuan Quintela <[email protected]>
Mon, 5 May 2014 20:15:02 +0000 (22:15 +0200)
commitd2ef4b61fe6d33d2a5dcf100a9b9440de341ad62
tree2804cfea3f62670d6be57eb102ad929f0a843581tree | snapshot
parentd8d0a0bc7e194300e53a346d25fe5724fd588387commit | diff
vmstate: fix buffer overflow in target-arm/machine.c

CVE-2013-4531

cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
cpreg_vmstate_array_len will cause a buffer overflow.

VMSTATE_INT32_LE was supposed to protect against this
but doesn't because it doesn't validate that input is
non-negative.

Fix this macro to valide the value appropriately.

The only other user of VMSTATE_INT32_LE doesn't
ever use negative numbers so it doesn't care.

Reported-by: Anthony Liguori <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Juan Quintela <[email protected]>
vmstate.c diff | blob | blame | history
Empty description
This page took 0.020276 seconds and 4 git commands to generate.