|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [qemu-upstream-unstable] vt82c686: avoid out-of-bounds read
commit 0d093159b4a48e24350cb7092b3b62ec4402f447
Author: Paolo Bonzini <pbonzini@xxxxxxxxxx>
AuthorDate: Wed Dec 10 10:17:36 2014 +0100
Commit: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
CommitDate: Sun Feb 22 18:16:04 2015 -0600
vt82c686: avoid out-of-bounds read
superio_ioport_readb can read the 256th element of the array.
Coverity reports an out-of-bounds write in superio_ioport_writeb,
but it does not show the corresponding out-of-bounds read
because it cannot prove that it can happen. Fix the root
cause of the problem (zhanghailang's patch instead fixes
the logic in superio_ioport_writeb).
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
Reviewed-by: zhanghailiang <zhang.zhanghailiang@xxxxxxxxxx>
Signed-off-by: Michael Tokarev <mjt@xxxxxxxxxx>
Cc: qemu-stable@xxxxxxxxxx
(cherry picked from commit 9feb8adeaa850d15b930c30f22c1ed2f2f695172)
Signed-off-by: Michael Roth <mdroth@xxxxxxxxxxxxxxxxxx>
---
hw/isa/vt82c686.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/hw/isa/vt82c686.c b/hw/isa/vt82c686.c
index e0c235c..a43e26d 100644
--- a/hw/isa/vt82c686.c
+++ b/hw/isa/vt82c686.c
@@ -36,7 +36,7 @@
typedef struct SuperIOConfig
{
- uint8_t config[0xff];
+ uint8_t config[0x100];
uint8_t index;
uint8_t data;
} SuperIOConfig;
--
generated by git-patchbot for /home/xen/git/qemu-upstream-unstable.git
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |