xemu/hw/ide
Michael S. Tsirkin d34e6f7960 ahci: fix buffer overrun on invalid state load
CVE-2013-4526

Within hw/ide/ahci.c, VARRAY refers to ports which is also loaded.  So
we use the old version of ports to read the array but then allow any
value for ports.  This can cause the code to overflow.

There's no reason to migrate ports - it never changes.
So just make sure it matches.

Reported-by: Anthony Liguori <anthony@codemonkey.ws>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit ae2158ad6c)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2014-06-26 14:00:54 -05:00
Makefile.objs hw: make all of hw/ide/ configurable via default-configs/ 2013-04-08 18:13:12 +02:00
ahci.c ahci: fix buffer overrun on invalid state load 2014-06-26 14:00:54 -05:00
ahci.h ide/ich: QOM parent field cleanup 2013-07-23 00:37:33 +02:00
atapi.c bswap.h: Remove cpu_to_be16wu() 2013-11-05 19:57:47 -08:00
cmd646.c hw: set interrupts using pci irq wrappers 2013-10-14 17:11:45 +03:00
core.c ide: Correct improper smart self test counter reset in ide core. 2014-06-25 15:56:17 -05:00
ich.c hw: set interrupts using pci irq wrappers 2013-10-14 17:11:45 +03:00
internal.h ide: Drop ide_init2_with_non_qdev_drives() 2013-11-05 18:06:52 +01:00
isa.c ide: Pass size to ide_bus_new() 2013-08-30 20:14:39 +02:00
macio.c ide: Pass size to ide_bus_new() 2013-08-30 20:14:39 +02:00
microdrive.c microdrive: Coding Style cleanups 2013-11-05 18:06:52 +01:00
mmio.c ide: Pass size to ide_bus_new() 2013-08-30 20:14:39 +02:00
pci.c ide: Introduce abstract QOM type for PCIIDEState 2013-07-29 20:41:49 +02:00
pci.h ide: Introduce abstract QOM type for PCIIDEState 2013-07-29 20:41:49 +02:00
piix.c ide: Pass size to ide_bus_new() 2013-08-30 20:14:39 +02:00
qdev.c qdev: Pass size to qbus_create_inplace() 2013-08-30 21:15:35 +02:00
via.c ide: Pass size to ide_bus_new() 2013-08-30 20:14:39 +02:00