]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 345fab6) | patch
ppc/pnv: check size before data buffer access
authorPrasad J Pandit <pjp@fedoraproject.org>
Fri, 26 Oct 2018 12:33:58 +0000 (18:03 +0530)
committerMichael Roth <mdroth@linux.vnet.ibm.com>
Tue, 2 Apr 2019 18:17:03 +0000 (13:17 -0500)
commit8d2527617218cc65dfd978432b5e2159eb87ae5a
tree17b34cba21c253f06bb54323d86b5d1ebc437a0btree
parent345fab6ffe57b0bf6dccbc0844f45f77b91d9de0commit | diff
ppc/pnv: check size before data buffer access

While performing PowerNV memory r/w operations, the access length
'sz' could exceed the data[4] buffer size. Add check to avoid OOB
access.

Reported-by: Moguofang <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
(cherry picked from commit d07945e78eb6b593cd17a4640c1fc9eb35e3245d)
*CVE-2018-18954
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
hw/ppc/pnv_lpc.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git