haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw/usb
History
Marc-André Lureau 7b84b90966 usbredir: fix buffer-overflow on vmload 
If interface_count is NO_INTERFACE_INFO, let's not access the arrays
out-of-bounds.

==994==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000243930 at pc 0x5642068086a8 bp 0x7f0b6f9ffa50 sp 0x7f0b6f9ffa40
READ of size 1 at 0x625000243930 thread T0
    #0 0x5642068086a7 in usbredir_check_bulk_receiving /home/elmarco/src/qemu/hw/usb/redirect.c:1503
    #1 0x56420681301c in usbredir_post_load /home/elmarco/src/qemu/hw/usb/redirect.c:2154
    #2 0x5642068a56c2 in vmstate_load_state /home/elmarco/src/qemu/migration/vmstate.c:168
    #3 0x56420688e2ac in vmstate_load /home/elmarco/src/qemu/migration/savevm.c:829
    #4 0x5642068980cb in qemu_loadvm_section_start_full /home/elmarco/src/qemu/migration/savevm.c:2211
    #5 0x564206899645 in qemu_loadvm_state_main /home/elmarco/src/qemu/migration/savevm.c:2395
    #6 0x5642068998cf in qemu_loadvm_state /home/elmarco/src/qemu/migration/savevm.c:2467
    #7 0x56420685f3e9 in process_incoming_migration_co /home/elmarco/src/qemu/migration/migration.c:449
    #8 0x564207106c47 in coroutine_trampoline /home/elmarco/src/qemu/util/coroutine-ucontext.c:115
    #9 0x7f0c0604e37f  (/lib64/libc.so.6+0x4d37f)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20190807084048.4258-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2019-08-21 10:42:00 +02:00
..
bus.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
ccid-card-emulated.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
ccid-card-passthru.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
ccid.h Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
chipidea.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
combined-packet.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
core.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
desc-msos.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.c usb: use local path for local headers 2018-06-01 19:20:38 +03:00
desc.h all: Clean up includes 2016-02-23 12:43:05 +00:00
dev-audio.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-bluetooth.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
dev-hid.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-hub.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-mtp.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-network.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-serial.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-smartcard-reader.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-storage.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-uas.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
dev-wacom.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
hcd-ehci-pci.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-ehci-sysbus.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-ehci.c sysemu: Split sysemu/runstate.h off sysemu/sysemu.h 2019-08-16 13:37:36 +02:00
hcd-ehci.h sysemu: Move the VMChangeStateEntry typedef to qemu/typedefs.h 2019-08-16 13:31:53 +02:00
hcd-musb.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
hcd-ohci-pci.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-ohci.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-ohci.h hw/usb/hcd-ohci: Move PCI-related code into a separate file 2019-05-02 08:42:17 +02:00
hcd-uhci.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-xhci-nec.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-xhci.c Include hw/qdev-properties.h less 2019-08-16 13:31:53 +02:00
hcd-xhci.h Supply missing header guards 2019-06-12 13:20:21 +02:00
host-libusb.c sysemu: Split sysemu/runstate.h off sysemu/sysemu.h 2019-08-16 13:37:36 +02:00
host-stub.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
host.h usb-host: move legacy cmd line bits 2013-02-19 12:30:05 +01:00
Kconfig hw/usb/Kconfig: USB_XHCI_NEC requires USB_XHCI 2019-07-15 20:58:37 +02:00
libhw.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
Makefile.objs hw/usb/Kconfig: Add CONFIG_USB_EHCI_PCI 2019-07-15 20:58:37 +02:00
quirks-ftdi-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks-pl2303-ids.h usbredir: Add support for buffered bulk input (v2) 2013-01-08 10:56:58 +01:00
quirks.c usb: Clean up includes 2016-01-29 15:07:23 +00:00
quirks.h Supply missing header guards 2019-06-12 13:20:21 +02:00
redirect.c usbredir: fix buffer-overflow on vmload 2019-08-21 10:42:00 +02:00
trace-events trace-events: Shorten file names in comments 2019-03-22 16:18:07 +00:00
tusb6010.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
xen-usb.c Include qemu/main-loop.h less 2019-08-16 13:31:52 +02:00