xemu/hw/gpio
Michael S. Tsirkin 8d948a000d zaurus: fix buffer overrun on invalid state load
CVE-2013-4540

Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.

Since prev_level comes from wire indirectly, this can
happen on invalid state load.

Similarly for gpio_level and gpio_dir.

To fix, limit to 16 bit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 52f91c3723)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:21:17 -05:00
Makefile.objs hw: move GPIO interfaces to hw/gpio/, configure with default-configs/ 2013-04-08 18:13:16 +02:00
max7310.c hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
omap_gpio.c omap_gpio: QOM cast cleanup for omap2_gpif_s 2013-07-29 21:06:46 +02:00
pl061.c pl061: QOM'ify pl061 and pl061_luminary 2013-07-29 21:06:46 +02:00
puv3_gpio.c puv3_gpio: QOM cast cleanup 2013-07-29 21:06:57 +02:00
zaurus.c zaurus: fix buffer overrun on invalid state load 2014-06-26 14:21:17 -05:00