git.ipfire.org Git - thirdparty/qemu.git/commit

author	Gonglei <arei.gonglei@huawei.com>
	Tue, 3 Jan 2017 06:50:03 +0000 (14:50 +0800)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 16 Mar 2017 17:10:39 +0000 (12:10 -0500)
commit	d6f119475d3c9c913f9140771895036be66d5c33
tree	7e83c9b29313017fe92e2c1f1957940902eef95a	tree
parent	f47bf0823b5705dee7e5f557b91cb1192d1431ab	commit \| diff

virtio-crypto: fix possible integer and heap overflow

Because the 'size_t' type is 4 bytes in 32-bit platform, which
is the same with 'int'. It's easy to make 'max_len' to zero when
integer overflow and then cause heap overflow if 'max_len' is zero.

Using uint_64 instead of size_t to avoid the integer overflow.

Cc: qemu-stable@nongnu.org
Reported-by: Li Qiang <liqiang6-s@360.cn>
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Tested-by: Li Qiang <liqiang6-s@360.cn>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit a08aaff811fb194950f79711d2afe5a892ae03a4)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>