haraldwolff/qemu-patch-raspberry4
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
qemu-patch-raspberry4/hw/ppc
History
Thomas Huth ef001f069e ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory() 
The buffer that is allocated in spapr_populate_drconf_memory()
is used for setting both, the "ibm,dynamic-memory" and the
"ibm,associativity-lookup-arrays" property. However, only the
size of the first one is taken into account when allocating the
memory. So if the length of the second property is larger than
the length of the first one, we run into a buffer overflow here!
Fix it by taking the length of the second property into account,
too.

Fixes: "spapr: Support ibm,dynamic-reconfiguration-memory" patch
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2015-09-23 10:51:11 +10:00
..
e500-ccsr.h ppc: do not use ../ in include files 2013-03-01 13:57:33 +01:00
e500.c kvm_ppc: remove kvmppc_timer_hack 2015-09-20 22:48:38 +02:00
e500.h PPC: e500 pci host: Add support for ATMUs 2015-01-07 16:16:24 +01:00
e500plat.c Use DEFINE_MACHINE() to register all machines 2015-09-19 16:40:15 +02:00
mac.h block: Rename BlockDriverAIOCB* to BlockAIOCB* 2014-10-20 13:41:27 +02:00
mac_newworld.c machine: Set MachineClass::name automatically 2015-09-19 16:39:28 +02:00
mac_oldworld.c Use DEFINE_MACHINE() to register all machines 2015-09-19 16:40:15 +02:00
Makefile.objs spapr_drc: initial implementation of sPAPRDRConnector device 2015-06-03 23:56:52 +02:00
mpc8544_guts.c cpu: Replace cpu_single_env with CPUState current_cpu 2013-07-09 21:20:28 +02:00
mpc8544ds.c Use DEFINE_MACHINE() to register all machines 2015-09-19 16:40:15 +02:00
ppc.c timer: rename NSEC_PER_SEC due to Mac OS X header clash 2015-07-20 17:01:00 +01:00
ppc4xx_devs.c SCSI changes that enable sending vendor-specific commands via virtio-scsi. 2014-08-19 13:00:57 +01:00
ppc4xx_pci.c hw/pci/ppc4xx_pci.c: Remove unused pci4xx_cfgaddr_read/write/ops 2014-11-04 23:26:12 +01:00
ppc405.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
ppc405_boards.c Revert use of DEFINE_MACHINE() for registrations of multiple machines 2015-09-19 16:40:27 +02:00
ppc405_uc.c Fix bad error handling after memory_region_init_ram() 2015-09-18 14:39:29 +02:00
ppc440_bamboo.c kvm_ppc: remove kvmppc_timer_hack 2015-09-20 22:48:38 +02:00
ppc_booke.c hw/ppc: Avoid shifting left into sign bit 2014-03-27 19:22:49 +04:00
ppce500_spin.c Convert (ffs(val) - 1) to ctz32(val) 2015-04-28 15:36:08 +02:00
prep.c Use DEFINE_MACHINE() to register all machines 2015-09-19 16:40:15 +02:00
spapr.c ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory() 2015-09-23 10:51:11 +10:00
spapr_drc.c spapr: Don't use QOM [*] syntax for DR connectors. 2015-09-23 10:51:10 +10:00
spapr_events.c spapr: Support hotplug by specifying DRC count 2015-09-23 10:51:11 +10:00
spapr_hcall.c spapr: Support ibm,dynamic-reconfiguration-memory 2015-09-23 10:51:10 +10:00
spapr_iommu.c spapr_iommu: translate sPAPRTCEAccess to IOMMUAccessFlags 2015-07-07 17:44:51 +02:00
spapr_pci.c spapr: Support hotplug by specifying DRC count 2015-09-23 10:51:11 +10:00
spapr_pci_vfio.c sPAPR: Clear stale MSIx table during EEH reset 2015-07-07 17:44:54 +02:00
spapr_rtas.c spapr_drc: use RTAS return codes for methods called by RTAS 2015-09-23 10:51:10 +10:00
spapr_rtc.c timer: rename NSEC_PER_SEC due to Mac OS X header clash 2015-07-20 17:01:00 +01:00
spapr_vio.c spapr: Merge sPAPREnvironment into sPAPRMachineState 2015-07-07 17:44:50 +02:00
virtex_ml507.c Use DEFINE_MACHINE() to register all machines 2015-09-19 16:40:15 +02:00