From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 7b84b9: usbredir: fix buffer-overflow on vmload
Date: Thu, 22 Aug 2019 08:12:55 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 7b84b90966568da0e05655ecaa78c209300aae6e
      
https://github.com/qemu/qemu/commit/7b84b90966568da0e05655ecaa78c209300aae6e
  Author: Marc-André Lureau <address@hidden>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M hw/usb/redirect.c

  Log Message:
  -----------
  usbredir: fix buffer-overflow on vmload

If interface_count is NO_INTERFACE_INFO, let's not access the arrays
out-of-bounds.

==994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40
READ of size 1 at 0x625000243930 thread T0
    #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qemu/hw/usb/redirect.c:1503
    #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/redirect.c:2154
    #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migration/vmstate.c:168
    #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/savevm.c:829
    #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/qemu/migration/savevm.c:2211
    #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migration/savevm.c:2395
    #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration/savevm.c:2467
    #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qemu/migration/migration.c:449
    #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:115
    #9 0x7f0c0604e37f  (/lib64/libc.so.6+0x4d37f)

Signed-off-by: Marc-André Lureau <address@hidden>
Reviewed-by: Liam Merwick <address@hidden>
Reviewed-by: Li Qiang <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>

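The bug pattern in the commit above is a sentinel value ("no interface info received yet") stored in the same field as a real element count, and a post-load path that uses that field as a loop bound over fixed-size arrays. The state comes in from the migration stream, so a snapshot or incoming migration can carry any count at all. The following is an added example written for this page, not QEMU's code: the names NO_INTERFACE_INFO, MAX_INTERFACES, MAX_ENDPOINTS, the struct layout and the mass-storage rule are assumptions modelled on the commit message. It shows the unchecked loop, the sentinel early-return the fix describes, and the general check a post_load hook should make on any count or index read from the stream.

```c
/* Added example (not QEMU code): honouring a "no info" sentinel and
 * validating stream-supplied counts before indexing fixed-size arrays.
 * All sizes, names and the struct layout are assumptions for illustration. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INTERFACES         32
#define MAX_ENDPOINTS          32
#define NO_INTERFACE_INFO      255   /* sentinel: guest has not sent interface info */
#define USB_CLASS_MASS_STORAGE 0x08

struct interface_info {
    uint32_t interface_count;                 /* real count, or NO_INTERFACE_INFO */
    uint8_t  interface_class[MAX_INTERFACES];
    uint8_t  bulk_in_ep[MAX_INTERFACES];      /* endpoint index per interface */
};

struct dev_state {
    struct interface_info info;               /* restored from the migration stream */
    bool bulk_receiving_enabled[MAX_ENDPOINTS];
};

/* Pre-fix shape: interface_count is the loop bound as-is. With the sentinel
 * value 255 this reads far past the 32-entry arrays. Only safe for a count
 * that has already been validated; kept here for contrast. */
static void check_bulk_receiving_unchecked(struct dev_state *dev)
{
    uint32_t i;
    memset(dev->bulk_receiving_enabled, 0, sizeof dev->bulk_receiving_enabled);
    for (i = 0; i < dev->info.interface_count; i++) {
        if (dev->info.interface_class[i] == USB_CLASS_MASS_STORAGE)
            dev->bulk_receiving_enabled[dev->info.bulk_in_ep[i]] = true;
    }
}

/* Fixed shape: return before touching the arrays when no interface info has
 * been received. Returns the number of endpoints enabled. */
static int check_bulk_receiving(struct dev_state *dev)
{
    uint32_t i;
    int enabled = 0;
    memset(dev->bulk_receiving_enabled, 0, sizeof dev->bulk_receiving_enabled);
    if (dev->info.interface_count == NO_INTERFACE_INFO)
        return 0;
    for (i = 0; i < dev->info.interface_count; i++) {
        if (dev->info.interface_class[i] == USB_CLASS_MASS_STORAGE) {
            dev->bulk_receiving_enabled[dev->info.bulk_in_ep[i]] = true;
            enabled++;
        }
    }
    return enabled;
}

/* post_load hook: the stream is untrusted input. Reject a count that is
 * neither the sentinel nor within the array size, and range-check every
 * endpoint index, before any path indexes with them. 0 on success. */
static int interface_info_post_load(struct dev_state *dev)
{
    uint32_t i, n = dev->info.interface_count;
    if (n != NO_INTERFACE_INFO) {
        if (n > MAX_INTERFACES)
            return -EINVAL;
        for (i = 0; i < n; i++)
            if (dev->info.bulk_in_ep[i] >= MAX_ENDPOINTS)
                return -EINVAL;
    }
    check_bulk_receiving(dev);
    return 0;
}

int main(void)
{
    struct dev_state dev;
    memset(&dev, 0, sizeof dev);

    /* Constructed case 1: snapshot taken before the guest sent interface info. */
    dev.info.interface_count = NO_INTERFACE_INFO;
    printf("sentinel: post_load=%d\n", interface_info_post_load(&dev));

    /* Constructed case 2: one mass-storage interface with bulk IN on EP 5. */
    dev.info.interface_count = 2;
    dev.info.interface_class[1] = USB_CLASS_MASS_STORAGE;
    dev.info.bulk_in_ep[1] = 5;
    printf("valid: post_load=%d ep5=%d\n", interface_info_post_load(&dev),
           dev.bulk_receiving_enabled[5]);

    /* Constructed case 3: hostile count, rejected before any array is indexed. */
    dev.info.interface_count = 40;
    printf("bogus: post_load=%d\n", interface_info_post_load(&dev));
    return 0;
}
```

The sentinel check alone closes the crash in the trace above; the extra range checks in post_load are the practitioner's caveat, since a field restored from a migration stream deserves the same validation as a packet from the guest.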

  Commit: baeed705081be1919d6929dfdb405c37b2df9cd5
      
https://github.com/qemu/qemu/commit/baeed705081be1919d6929dfdb405c37b2df9cd5
  Author: Martin Cerveny <address@hidden>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M hw/usb/redirect.c

  Log Message:
  -----------
  usb-redir: merge interrupt packets

Interrupt packets (limited by wMaxPacketSize) should be buffered and merged
by algorithm described in USB spec.
(see usb_20.pdf/5.7.3 Interrupt Transfer Packet Size Constraints).

Signed-off-by: Martin Cerveny <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>

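The merging rule the commit above refers to (USB 2.0, section 5.7.3) is the same short-packet rule as for bulk: every data payload of an interrupt transfer is wMaxPacketSize long except the last, and the transfer is complete when the expected number of bytes has arrived or when a packet shorter than wMaxPacketSize (including a zero-length packet) is received. The following is an added example for this page, not the usb-redir code: the struct, the fixed 512-byte buffer and the return convention are assumptions. It accumulates device-side packets into one guest transfer under that rule and flags packets that violate it.

```c
/* Added example (not usb-redir code): merging interrupt packets into one
 * transfer per USB 2.0 section 5.7.3. Buffer size and API are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct intr_merge {
    uint16_t wmax;          /* wMaxPacketSize of the interrupt endpoint */
    size_t   want;          /* bytes the guest's transfer asked for */
    size_t   len;           /* bytes accumulated so far */
    uint8_t  buf[512];      /* assumed upper bound for this example */
    int      complete;
};

static void intr_merge_init(struct intr_merge *m, uint16_t wmax, size_t want)
{
    memset(m, 0, sizeof *m);
    m->wmax = wmax;
    m->want = want > sizeof m->buf ? sizeof m->buf : want;   /* never exceed buf */
}

/* Feed one packet as received from the device side.
 * Returns 1 when the merged transfer is complete, 0 if more packets are
 * expected, -1 on a protocol violation: a packet longer than wMaxPacketSize
 * or data arriving after the transfer already ended. Bytes beyond the
 * requested length are dropped rather than written past buf. */
static int intr_merge_packet(struct intr_merge *m, const uint8_t *data, size_t n)
{
    size_t room, take;

    if (m->complete || n > m->wmax)
        return -1;
    room = m->want - m->len;            /* len < want while !complete */
    take = n < room ? n : room;
    memcpy(m->buf + m->len, data, take);
    m->len += take;
    /* A short (or zero-length) packet or reaching the requested length ends it. */
    if (n < m->wmax || m->len >= m->want)
        m->complete = 1;
    return m->complete;
}

int main(void)
{
    struct intr_merge m;
    uint8_t pkt[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed payload */

    /* Endpoint with wMaxPacketSize 8, guest asked for 64 bytes. */
    intr_merge_init(&m, 8, 64);
    printf("%d ", intr_merge_packet(&m, pkt, 8));   /* 0: full packet, keep going */
    printf("%d ", intr_merge_packet(&m, pkt, 3));   /* 1: short packet ends it */
    printf("len=%zu\n", m.len);                     /* 11 */
    printf("%d\n", intr_merge_packet(&m, pkt, 1));  /* -1: data after end */
    return 0;
}
```

The -1 path is what a redirection layer needs on the host side: the remote device (or whatever is speaking the usbredir protocol) is not trusted to respect wMaxPacketSize, so packet length is checked before the copy, not after.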

  Commit: dc2c037fd23ea3dcf2e13afda22c1c64ab56f96b
      
https://github.com/qemu/qemu/commit/dc2c037fd23ea3dcf2e13afda22c1c64ab56f96b
  Author: Hikaru Nishida <address@hidden>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M hw/usb/hcd-xhci.c

  Log Message:
  -----------
  xhci: Add No Op Command

This commit adds No Op Command (23) to xHC for verifying the operation
of the Command Ring mechanisms.
No Op Command is defined in XHCI spec (4.6.2) and just reports Command
Completion Event with Completion Code == Success.
Before this commit, No Op Command is not implemented so xHC reports
Command Completion Event with Completion Code == TRB Error. This commit
fixes this behaviour to report Completion Code correctly.

Signed-off-by: Hikaru Nishida <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 73f46fef7400dc1dc6cb5e8914d3d1b3b673459f
      
https://github.com/qemu/qemu/commit/73f46fef7400dc1dc6cb5e8914d3d1b3b673459f
  Author: Stefan Hajnoczi <address@hidden>
  Date:   2019-08-21 (Wed, 21 Aug 2019)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  usb: reword -usb command-line option and mention xHCI

The -usb section of the man page is not very clear on what exactly -usb
does and fails to mention xHCI as a modern alternative (-device
nec-usb-xhci).

Signed-off-by: Stefan Hajnoczi <address@hidden>
Reviewed-by: Thomas Huth <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 1be344b7ad25d572dadeee46d80f0103354352b2
      
https://github.com/qemu/qemu/commit/1be344b7ad25d572dadeee46d80f0103354352b2
  Author: Gerd Hoffmann <address@hidden>
  Date:   2019-08-22 (Thu, 22 Aug 2019)

  Changed paths:
    M hw/usb/hcd-ehci.c

  Log Message:
  -----------
  ehci: fix queue->dev null ptr dereference

In case we don't have a device for an active queue, just skip
processing the queue (same we do for inactive queues) and log
a guest bug.

Reported-by: Guenter Roeck <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Tested-by: Guenter Roeck <address@hidden>
Message-id: address@hidden


  Commit: 4a71d0af7b9c4ab861c9db2111db73771999c81b
      
https://github.com/qemu/qemu/commit/4a71d0af7b9c4ab861c9db2111db73771999c81b
  Author: Peter Maydell <address@hidden>
  Date:   2019-08-22 (Thu, 22 Aug 2019)

  Changed paths:
    M hw/usb/hcd-ehci.c
    M hw/usb/hcd-xhci.c
    M hw/usb/redirect.c
    M qemu-options.hx

  Log Message:
  -----------
Merge remote-tracking branch 'remotes/kraxel/tags/usb-20190822-pull-request' into staging

usb: bugfixes and minor improvements.

# gpg: Signature made Thu 22 Aug 2019 07:52:32 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>" [full]
# gpg:                 aka "Gerd Hoffmann <address@hidden>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/usb-20190822-pull-request:
  ehci: fix queue->dev null ptr dereference
  usb: reword -usb command-line option and mention xHCI
  xhci: Add No Op Command
  usb-redir: merge interrupt packets
  usbredir: fix buffer-overflow on vmload

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d86766a9d0e5...4a71d0af7b9c


