Re: [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target

From:	Juan Quintela
Subject:	Re: [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target-arm/machine.c
Date:	Fri, 04 Apr 2014 11:43:16 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

"Michael S. Tsirkin" <address@hidden> wrote:
> CVE-2013-4531
>
> cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
> cpreg_vmstate_array_len will cause a buffer overflow.
>
> VMSTATE_INT32_LE was supposed to protect against this
> but doesn't because it doesn't validate that input is
> non-negative.
>
> Fix this macro to valide the value appropriately.
>
> The only other user of VMSTATE_INT32_LE doesn't
> ever use negative numbers so it doesn't care.
>
> Reported-by: Anthony Liguori <address@hidden>
> Signed-off-by: Michael S. Tsirkin <address@hidden>

Reviewed-by: Juan Quintela <address@hidden>

Integrated.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v5 01/24] vmstate: reduce code duplication, (continued)
- [Qemu-devel] [PATCH v5 08/24] ahci: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 09/24] hpet: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/03
  - Re: [Qemu-devel] [PATCH v5 09/24] hpet: fix buffer overrun on invalid state load, Juan Quintela, 2014/04/04
    - Re: [Qemu-devel] [PATCH v5 09/24] hpet: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/04
    - Re: [Qemu-devel] [PATCH v5 09/24] hpet: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/04
    - Re: [Qemu-devel] [PATCH v5 09/24] hpet: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/04
- [Qemu-devel] [PATCH v5 10/24] hw/pci/pcie_aer.c: fix buffer overruns on invalid state load, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 11/24] pl022: fix buffer overun on invalid state load, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target-arm/machine.c, Michael S. Tsirkin, 2014/04/03
  - Re: [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target-arm/machine.c, Juan Quintela <=
- [Qemu-devel] [PATCH v5 13/24] virtio: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/04/03
  - Re: [Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration, Alexander Graf, 2014/04/03
    - Re: [Qemu-devel] [PATCH v5 14/24] openpic: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/04/28
- [Qemu-devel] [PATCH v5 16/24] pxa2xx: avoid buffer overrun on incoming migration, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 15/24] virtio: validate num_sg when mapping, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/03
  - Re: [Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load, Peter Maydell, 2014/04/03
    - Re: [Qemu-devel] [PATCH v5 17/24] ssi-sd: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2014/04/03
- [Qemu-devel] [PATCH v5 18/24] ssd0323: fix buffer overun on invalid state load, Michael S. Tsirkin, 2014/04/03

Prev by Date: Re: [Qemu-devel] [PATCH v5 02/24] vmstate: add VMS_MUST_EXIST
Next by Date: Re: [Qemu-devel] [PATCH v5 22/24] vmstate: s/VMSTATE_INT32_LE/VMSTATE_INT32_POSITIVE_LE/
Previous by thread: [Qemu-devel] [PATCH v5 12/24] vmstate: fix buffer overflow in target-arm/machine.c
Next by thread: [Qemu-devel] [PATCH v5 13/24] virtio: avoid buffer overrun on incoming migration
Index(es):
- Date
- Thread