]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f1a8429) | patch
ivshmem: validate incoming_posn value from server
authorStefan Hajnoczi <stefanha@redhat.com>
Mon, 15 Sep 2014 16:40:06 +0000 (18:40 +0200)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Tue, 6 Jan 2015 21:43:21 +0000 (15:43 -0600)
commit15905fde7bd40bc15173e77661981d462e6ca62b
tree0e5e934ebdfecbd59be4a9f8484c1bd0844af913tree
parentf1a842948a20ea25fef1d0f842b115805b269c02commit | diff
ivshmem: validate incoming_posn value from server

Check incoming_posn to avoid out-of-bounds array accesses if the ivshmem
server on the host sends invalid values.

Cc: Cam Macdonell <cam@cs.ualberta.ca>
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
[AF: Tighten upper bound check for posn in close_guest_eventfds()]
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 363ba1c72fed4425e7917afc36722584aaeaad8a)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/misc/ivshmem.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git