[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 09/23] target-arm/machine.c: fix buffer overflow on
|
From: |
Michael S. Tsirkin |
|
Subject: |
[Qemu-stable] [PATCH 09/23] target-arm/machine.c: fix buffer overflow on invalid state load |
|
Date: |
Tue, 3 Dec 2013 18:28:45 +0200 |
CVE-2013-4531
cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
cpreg_vmstate_array_len will cause a buffer overflow.
Reported-by: Anthony Liguori <address@hidden>
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
target-arm/machine.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/target-arm/machine.c b/target-arm/machine.c
index 74f010f..d46b7e8 100644
--- a/target-arm/machine.c
+++ b/target-arm/machine.c
@@ -178,6 +178,10 @@ static int cpu_post_load(void *opaque, int version_id)
ARMCPU *cpu = opaque;
int i, v;
+ if (cpu->cpreg_vmstate_array_len < 0) {
+ return -1;
+ }
+
/* Update the values list from the incoming migration data.
* Anything in the incoming data which we don't know about is
* a migration failure; anything we know about but the incoming
--
MST
- [Qemu-stable] [PATCH 05/23] ahci: fix buffer overrun on invalid state load, (continued)
[Qemu-stable] [PATCH 09/23] target-arm/machine.c: fix buffer overflow on invalid state load,
Michael S. Tsirkin <=
[Qemu-stable] [PATCH 10/23] stellaris_enet: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2013/12/03
[Qemu-stable] [PATCH 12/23] stellaris_enet: avoid buffer orerrun on incoming migration (part 3), Michael S. Tsirkin, 2013/12/03
[Qemu-stable] [PATCH 13/23] virtio: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2013/12/03
[Qemu-stable] [PATCH 14/23] openpic: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2013/12/03
[Qemu-stable] [PATCH 16/23] virtio: validate num_sg when mapping, Michael S. Tsirkin, 2013/12/03
[Qemu-stable] [PATCH 15/23] pxa2xx: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2013/12/03