
[Xen-changelog] [qemu-xen-unstable] lm832x: don't overrun file buffer on save/restore



commit fb9ee2e1049f7ca8f597a00360745ead64fd974b
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Tue Nov 4 11:46:46 2014 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Oct 16 16:52:06 2015 +0100

    lm832x: don't overrun file buffer on save/restore
    
    Saving and restoring an lm832x record would overrun the pwm.file array,
    since pwm.file holds uint16_t elements and sizeof(pwm.file) is twice
    the number of elements.
    
    To ensure compatibility, padding bytes are added to the record.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Coverity-IDs: 1055728 1055729
---
 hw/lm832x.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/hw/lm832x.c b/hw/lm832x.c
index dd94310..a212866 100644
--- a/hw/lm832x.c
+++ b/hw/lm832x.c
@@ -439,8 +439,11 @@ static void lm_kbd_save(QEMUFile *f, void *opaque)
     qemu_put_byte(f, s->kbd.len);
     qemu_put_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
 
-    for (i = 0; i < sizeof(s->pwm.file); i ++)
+    for (i = 0; i < ARRAY_SIZE(s->pwm.file); i ++)
         qemu_put_be16s(f, &s->pwm.file[i]);
+    /* Padding for compatibility with older records. */
+    for ( ; i < sizeof(s->pwm.file); i++)
+        qemu_put_be16s(f, 0);
     qemu_put_8s(f, &s->pwm.faddr);
     qemu_put_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
     qemu_put_timer(f, s->pwm.tm[0]);
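Review bot: The padding loop calls `qemu_put_be16s(f, 0)`, but the call just above it passes `&s->pwm.file[i]`, so the second argument is a pointer and the literal 0 is a null pointer that the helper presumably dereferences on the first padding word, which would crash the save path. The load side already uses the by-value accessor, so the matching change is `qemu_put_be16(f, 0);`. The bound `sizeof(s->pwm.file)` is deliberately a byte count used as a word count to keep the old record length, and the comment would say so more clearly as `/* Older records held sizeof(pwm.file) 16-bit words; pad to that length. */`. The body of lm_kbd_save starts and ends outside this hunk.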
@@ -451,6 +454,7 @@ static void lm_kbd_save(QEMUFile *f, void *opaque)
 static int lm_kbd_load(QEMUFile *f, void *opaque, int version_id)
 {
     struct lm_kbd_s *s = (struct lm_kbd_s *) opaque;
+    uint16_t pad;
     int i;
 
     i2c_slave_load(f, &s->i2c);
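Review bot: `uint16_t pad;` is declared here but nothing in the visible hunks assigns or reads it; the skip loop in the last hunk discards the result of `qemu_get_be16(f)` directly. Unless it is used in a part of lm_kbd_load outside the hunks, the declaration should be dropped to avoid an unused-variable warning. The function body continues past this hunk, so this is based only on the lines shown.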
@@ -475,8 +479,11 @@ static int lm_kbd_load(QEMUFile *f, void *opaque, int version_id)
     s->kbd.len = qemu_get_byte(f);
     qemu_get_buffer(f, s->kbd.fifo, sizeof(s->kbd.fifo));
 
-    for (i = 0; i < sizeof(s->pwm.file); i ++)
+    for (i = 0; i < ARRAY_SIZE(s->pwm.file); i ++)
         qemu_get_be16s(f, &s->pwm.file[i]);
+    /* Skip padding. */
+    for ( ; i < sizeof(s->pwm.file); i++)
+        qemu_get_be16(f);
     qemu_get_8s(f, &s->pwm.faddr);
     qemu_get_buffer(f, s->pwm.addr, sizeof(s->pwm.addr));
     qemu_get_timer(f, s->pwm.tm[0]);
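Review bot: The skip loop bounds `i` by `sizeof(s->pwm.file)`, a byte count used as a count of 16-bit words, which is the same expression that caused the overrun and will read as a regression to the next maintainer. The comment `/* Skip padding. */` should state why that bound is intentional, for example `/* Older records hold sizeof(pwm.file) 16-bit words here; read and discard the extras so nothing is stored past pwm.file. */`. In a record written by an unfixed build those extra words are whatever followed pwm.file in the saver's memory, so discarding them rather than storing them is the right handling. `i` is an `int` compared against a `size_t` in both loops, which a `size_t` index would avoid. The body of lm_kbd_load starts and ends outside this hunk.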
--
generated by git-patchbot for /home/xen/git/qemu-xen-unstable.git



 

