ShuriZma
/
xqemu
mirror of https://github.com/xqemu/xqemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
32,617 Commits 1 Branch 1 Tag 238 MiB
Commit Graph

6 Commits

Author SHA1 Message Date
Michael S. Tsirkin 52f91c3723 zaurus: fix buffer overrun on invalid state load 
CVE-2013-4540

Within scoop_gpio_handler_update, if prev_level has a high bit set, then
we get bit > 16 and that causes a buffer overrun.

Since prev_level comes from wire indirectly, this can
happen on invalid state load.

Similarly for gpio_level and gpio_dir.

To fix, limit to 16 bit.

Reported-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
 2014-05-05 22:15:02 +02:00
Andreas Färber a009de46bd gpio/zaurus: QOM cast cleanup 
Signed-off-by: Andreas Färber <afaerber@suse.de>
 2013-07-29 21:06:57 +02:00
Paolo Bonzini b716368778 hw/gpio: pass owner to memory_region_init* functions 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-07-04 17:42:47 +02:00
Paolo Bonzini 2c9b15cab1 memory: add owner argument to initialization functions 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-07-04 17:42:44 +02:00
Stefan Weil e1fe50dcb3 Remove unneeded type casts 
cpu_physical_memory_read, cpu_physical_memory_write take any pointer
as 2nd argument without needing a type cast.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Andreas Färber <afaerber@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
 2013-04-19 11:36:33 +02:00
Paolo Bonzini 5193899a5a hw: move GPIO interfaces to hw/gpio/, configure with default-configs/ 
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
 2013-04-08 18:13:16 +02:00