
[Xen-devel] [PATCH 00/32] Qemu Traditional bugfixes



Here is a set of bugfixes against Qemu Traditional, which are from the
XenServer patch queue.

Patches 1 to 4 are build fixes in a CentOS environment
Patches 5 to 8 are backports of public CVEs, including two remote code
execution vulnerabilities.
Patches 9 to 11 are fixes for crashes which guest activity can cause
Patch 12 is a functional fix to command line parsing
Patches 13 to 15 are fixes from the use of valgrind
Patches 16 to 32 are fixes from Coverity analysis

I have identified Coverity Scan IDs where applicable.

Andrew Cooper (9):
  cirrus_vga: default all I/O port reads to 0xff
  lm832x: don't overrun file buffer on save/restore
  block-vvfat: fix fat_chksum() buffer overrun warning
  CVE-2014-8106: cirrus: fix blit region check
  CVE-2014-7815: vnc: sanitize bits_per_pixel from the client
  CVE-2014-3615: vbe: rework sanity checks
  smbios: Don't allocate smbus eeprom buffer
  pic: Don't allocate irq buffers
  signal: Don't use uninitalised sival_ptr

Aurelien Jarno (1):
  cirrus_vga: fix division by 0 for color expansion rop

Chunjie Zhu (2):
  ide: cancel dma operations on command abort or error
  dma: fix incorrect bh scheduling

Jim Paris (1):
  usb-linux.c: fix buffer overflow

Kaifeng Zhu (11):
  cmdline: Parse -pciemulation before trying to use it
  readline: fix memory corruption when adding history
  block-cow: don't close cow_fd twice on error
  console: Avoid overrunning the dmask arrays
  hw/device-hotplug: fix test of drive_add() return
  qemu-char: fix memory leak in qemu_char_open_pty()
  hw/ide: fix memory leak from qemu_allocate_irqs()
  net: don't leak an fd after an error
  net: Fix memory/handle leaks in net_socket_listen_init()
  block-vvfat: fix memory/handle leaks in commit_one_file()
  block-vvfat: fix memory leak in check_directory_consistency()

Yunlei Ding (8):
  virtio-blk: initialise unused blkcfg.size_max field
  hw/msmouse.c: Fix deref_after_free and double free
  virtio-blk: correctly link new request in virtio_blk_load()
  net: initialize parameters before use in net_socket_fd_init_dgram()
  ide: don't leak irq array in pci_cmd646_ide_init()
  block-nbd: close sock in nbd_open() error path
  block-raw-posix: Fix memory leak in posix_aio_init()
  block-vvfat: fix resource leaks in read_directory()

 block-cow.c         |    1 -
 block-nbd.c         |    3 +
 block-raw-posix.c   |    1 +
 block-vvfat.c       |   37 ++++++++++---
 console.c           |    9 +--
 dma-helpers.c       |   16 +++++-
 hw/cirrus_vga.c     |  138 +++++++++++++++++++++++++++------------------
 hw/device-hotplug.c |    2 +-
 hw/ide.c            |   15 ++---
 hw/irq.c            |   18 +++++-
 hw/irq.h            |    4 ++
 hw/lm832x.c         |   11 +++-
 hw/msmouse.c        |    1 -
 hw/pc.c             |   16 +-----
 hw/vga.c            |  154 +++++++++++++++++++++++++++++++--------------------
 hw/virtio-blk.c     |    3 +-
 net.c               |   13 ++++-
 qemu-char.c         |    2 +
 readline.c          |    2 +-
 usb-linux.c         |   12 +++-
 vl.c                |   21 ++++---
 vnc.c               |   10 ++++
 22 files changed, 320 insertions(+), 169 deletions(-)

-- 
1.7.10.4

