]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0e74862) | patch
bochs: Check catalog_size header field (CVE-2014-0143)
authorKevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:33 +0000 (13:05 +0100)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Thu, 3 Jul 2014 21:18:11 +0000 (16:18 -0500)
commit6b94cfeca8f9727ae6de41f2b53f1f906620c49a
treeb6f76aae7e7da53c513cbc906272ebebae1fec38tree
parent0e748624bd2261e7589b40b31413d62dc841957acommit | diff
bochs: Check catalog_size header field (CVE-2014-0143)

It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit e3737b820b45e54b059656dc3f914f895ac7a88b)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
block/bochs.c diff | blob | blame | history
tests/qemu-iotests/078 diff | blob | blame | history
tests/qemu-iotests/078.out diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git