From: Laszlo Ersek
Subject: Re: [Qemu-devel] [PATCH for-1.4 v2] target-i386: kvm: prevent buffer overflow if -cpu foo,[x]level is too big
Date: Mon, 28 Jan 2013 13:01:48 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130108 Thunderbird/10.0.12
On 01/28/13 12:49, Igor Mammedov wrote:
> Stack corruption may occur if too big 'level' or 'xlevel' values are passed
> on the command line with KVM enabled, due to the limited size of cpuid_data
> in kvm_arch_init_vcpu().
>
> reproduces with:
> qemu -enable-kvm -cpu qemu64,level=4294967295
> or
> qemu -enable-kvm -cpu qemu64,xlevel=4294967295
>
> Check if there is space in cpuid_data before passing it to cpu_x86_cpuid(),
> or abort() if there is no space.
>
> Signed-off-by: Igor Mammedov <address@hidden>
> ---
> * v2:
> * use macro instead of const int max_cpuid_entries to fix build breakage
> in C99 mode. Suggested-By: Laszlo Ersek <address@hidden>
> * compare with array index instead of address of the last element
> Suggested-By: Marcelo Tosatti <address@hidden>
>
> ---
> target-i386/kvm.c | 25 ++++++++++++++++++++++++-
> 1 files changed, 24 insertions(+), 1 deletions(-)
Reviewed-by: Laszlo Ersek <address@hidden>
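The bug class the patch fixes, shown as an added stand-alone example rather than QEMU's own code: a fixed-size table of CPUID entries is filled for every leaf from 0 up to `level` (and from 0x80000000 up to `xlevel`), so a user-controlled `level` of 4294967295 drives the writer past the end of the array unless the index is checked against the capacity before each write. The names `MAX_CPUID_ENTRIES` (set to an assumed 100), `fake_cpu_x86_cpuid`, `add_cpuid_entry`, `build_cpuid_table` and `cpuid_table_size`, the entry layout, and the dummy register values are all assumptions of this example; the real `cpu_x86_cpuid()`, `kvm_arch_init_vcpu()` and its `cpuid_data` differ. Where the patch calls abort() on a full table, this example returns -1 so the outcome can be checked. It also handles a second hazard the patch does not discuss: with a `uint32_t` counter and `level == UINT32_MAX`, `i <= level` is always true, so the loop needs an explicit stop.

```c
#include <stdint.h>
#include <stdio.h>

/* Fixed capacity of the on-stack table; an assumed value standing in for
 * the real limit used inside kvm_arch_init_vcpu(). */
#define MAX_CPUID_ENTRIES 100

struct cpuid_entry {
    uint32_t function;
    uint32_t index;
    uint32_t eax, ebx, ecx, edx;
};

struct cpuid_data {
    uint32_t nent;
    struct cpuid_entry entries[MAX_CPUID_ENTRIES];
};

/* Placeholder for cpu_x86_cpuid(): fills deterministic dummy register
 * values so the example runs without a CPU model (assumption). */
static void fake_cpu_x86_cpuid(uint32_t leaf, uint32_t idx, struct cpuid_entry *e)
{
    e->function = leaf;
    e->index = idx;
    e->eax = leaf ^ 0xA5A5A5A5u;
    e->ebx = leaf + 1;
    e->ecx = idx;
    e->edx = 0;
}

/* Append one entry, refusing when the table is full. Returns 0 on
 * success, -1 when there is no space left. The QEMU patch abort()s at
 * this point; returning an error keeps the example testable. */
static int add_cpuid_entry(struct cpuid_data *d, uint32_t leaf, uint32_t idx)
{
    if (d->nent >= MAX_CPUID_ENTRIES) {
        return -1;
    }
    fake_cpu_x86_cpuid(leaf, idx, &d->entries[d->nent]);
    d->nent++;
    return 0;
}

/* Build the table for basic leaves 0..level and extended leaves
 * 0x80000000..xlevel. The bound is checked before every write, so a
 * level of 0xFFFFFFFF fails once MAX_CPUID_ENTRIES entries exist instead
 * of running off the end of the array. The explicit UINT32_MAX check
 * stops the uint32_t counter from wrapping to 0 and looping forever. */
int build_cpuid_table(struct cpuid_data *d, uint32_t level, uint32_t xlevel)
{
    uint32_t i;

    d->nent = 0;
    for (i = 0; i <= level; i++) {
        if (add_cpuid_entry(d, i, 0) < 0) {
            return -1;
        }
        if (i == UINT32_MAX) {
            break;
        }
    }
    for (i = 0x80000000u; i <= xlevel; i++) {
        if (add_cpuid_entry(d, i, 0) < 0) {
            return -1;
        }
        if (i == UINT32_MAX) {
            break;
        }
    }
    return 0;
}

/* Convenience wrapper: number of entries produced, or -1 if the
 * requested leaves do not fit in the table. */
int cpuid_table_size(uint32_t level, uint32_t xlevel)
{
    struct cpuid_data d;

    if (build_cpuid_table(&d, level, xlevel) < 0) {
        return -1;
    }
    return (int)d.nent;
}

int main(void)
{
    /* Sane values first, then the two reproducers from the commit message. */
    printf("level=4 xlevel=0x80000008 -> %d\n", cpuid_table_size(4, 0x80000008u));
    printf("level=4294967295 -> %d\n", cpuid_table_size(4294967295u, 0x80000008u));
    printf("xlevel=4294967295 -> %d\n", cpuid_table_size(4, 4294967295u));
    return 0;
}
```

With the assumed capacity of 100, the sane values yield 14 entries (5 basic plus 9 extended) and both reproducer values are refused at the 101st entry, before any out-of-bounds write. The check lives in the single append path rather than in the callers, which is the same idea as comparing the array index against the limit in the patch: there is exactly one place that can advance `nent`, so there is exactly one place to get the bound right.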