xemu/hw/timer
Michael S. Tsirkin d8aba740f2 hpet: fix buffer overrun on invalid state load
CVE-2013-4527 hw/timer/hpet.c buffer overrun

hpet is a VARRAY with a uint8 size but static array of 32

To fix, make sure num_timers is valid using VMSTATE_VALID hook.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 3f1c49e213)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:01:11 -05:00
Makefile.objs timer/arm_mptimer: Build arm_mptimer only once 2013-07-09 21:33:02 +02:00
arm_mptimer.c a9mpcore: Embed ARMMPTimerState 2013-11-05 17:47:29 +01:00
arm_timer.c hw/timer/arm_timer: Avoid array overrun for bad addresses 2014-02-27 09:37:58 -06:00
cadence_ttc.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
ds1338.c hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
etraxfs_timer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
exynos4210_mct.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
exynos4210_pwm.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
exynos4210_rtc.c misc: Fix some typos in names and comments 2013-09-01 18:59:24 +04:00
grlib_gptimer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
hpet.c hpet: fix buffer overrun on invalid state load 2014-06-26 14:01:11 -05:00
i8254.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
i8254_common.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
imx_epit.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
imx_gpt.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
lm32_timer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
m48t59.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
mc146818rtc.c rtc: remove dead SQW IRQ code 2013-11-05 20:04:03 -08:00
milkymist-sysctl.c milkymist-sysctl: QOM cast cleanup 2013-07-29 21:07:01 +02:00
omap_gptimer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
omap_synctimer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
pl031.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
puv3_ost.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
pxa2xx_timer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
sh_timer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
slavio_timer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
tusb6010.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
twl92230.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
xilinx_timer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00