qemu-patch-raspberry4/hw
Jason Wang fdc89e90fa ne2000: fix possible out of bound access in ne2000_receive
In ne2000_receive(), we try to assign size_ to size which converts
from size_t to integer. This will cause troubles when size_ is greater
than INT_MAX, this will lead to a negative value in size and it can then
pass the check of size < MIN_BUF_SIZE which may lead to out of bound
access for both buf and buf1.

Fixing by converting the type of size to size_t.

CC: qemu-stable@nongnu.org
Reported-by: Daniel Shapira <daniel@twistlock.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2018-10-19 11:15:04 +08:00
..
9pfs 9p: darwin: Explicitly cast comparisons of mode_t with -1 2018-06-29 12:32:10 +02:00
acpi pci, pc, virtio: fixes, features 2018-09-24 18:49:11 +01:00
adc Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
alpha change get_image_size return type to int64_t 2018-10-02 19:08:49 +02:00
arm hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART 2018-10-16 16:15:01 +01:00
audio es1370: fix ADC_FRAMEADR and ADC_FRAMECNT 2018-10-02 18:47:55 +02:00
block block: Remove deprecated -drive option serial 2018-08-15 12:50:39 +02:00
bt hw/bt: Replace fprintf(stderr, "*\n" with error_report() 2018-01-22 09:51:00 +01:00
char chardev: mark the calls that allow an implicit mux monitor 2018-10-03 14:45:05 +04:00
core hw/core/generic-loader: Compile only once, not for each target 2018-10-17 08:45:37 +02:00
cpu hw/cpu/a15mpcore: If CPU has EL2, enable it on the GIC and wire it up 2018-08-24 13:17:34 +01:00
cris hw/cris: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
display hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file 2018-10-15 09:57:33 +02:00
dma hw/dma/pl080: Remove hw_error() if DMA is enabled 2018-08-20 11:24:33 +01:00
gpio hw/i2c: Use DeviceClass::realize instead of I2CSlaveClass::init 2018-06-01 15:14:31 +02:00
hppa change get_image_size return type to int64_t 2018-10-02 19:08:49 +02:00
i2c i2c: switch ddc to use the new edid generator 2018-10-15 09:57:33 +02:00
i386 kvmclock: run KVM_KVMCLOCK_CTRL ioctl in vcpu thread 2018-10-02 19:09:13 +02:00
ide replay: replay BH for IDE trim operation 2018-10-02 19:09:13 +02:00
input ps2: prevent changing irq state on save and load 2018-10-02 18:47:55 +02:00
intc hw/intc/arm_gic: Drop GIC_BASE_IRQ macro 2018-09-25 15:13:24 +01:00
ipack hw/ipack: Use the IEC binary prefix definitions 2018-07-02 15:41:12 +02:00
ipmi ipmi: Use proper struct reference for BT vmstate 2018-08-23 18:46:25 +02:00
isa i2c: pm_smbus: Add the ability to force block transfer enable 2018-08-23 18:46:25 +02:00
lm32 hw/lm32: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
m68k hw/m68k: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
mem pc-dimm: assign and verify the "addr" property during pre_plug 2018-08-23 18:46:25 +02:00
microblaze hw/microblaze/xlnx-zynqmp-pmu: Fix introspection problem in 'xlnx, zynqmp-pmu-soc' 2018-07-23 15:21:25 +01:00
mips change get_image_size return type to int64_t 2018-10-02 19:08:49 +02:00
misc ivshmem: Fix unplug of device "ivshmem-plain" 2018-10-10 08:01:36 +02:00
moxie change get_image_size return type to int64_t 2018-10-02 19:08:49 +02:00
net ne2000: fix possible out of bound access in ne2000_receive 2018-10-19 11:15:04 +08:00
nios2 hw/nios2: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
nvram hw/nvram/fw_cfg: Use memberwise copy of MemoryRegionOps struct 2018-10-02 19:09:14 +02:00
openrisc Change references to serial_hds[] to serial_hd() 2018-04-26 13:57:00 +01:00
pci qmp, hmp: make subsystem/system-vendor identities optional 2018-10-11 19:58:26 +01:00
pci-bridge hw/pci: add PCI resource reserve capability to legacy PCI bridge 2018-09-07 17:05:18 -04:00
pci-host ppc patch queue 2018-09-25 2018-09-25 13:30:45 +01:00
pcmcia hw: Clean up includes 2016-01-29 15:07:25 +00:00
ppc ppc patch queue 2018-09-25 2018-09-25 13:30:45 +01:00
rdma config: split PVRDMA from RDMA 2018-08-18 18:01:34 +03:00
riscv Error reporting & miscellaneous patches for 2018-09-24 2018-09-25 11:37:39 +01:00
s390x hw/s390x: Include the tod-qemu also for builds with --disable-tcg 2018-10-12 11:32:19 +02:00
scsi hw/scsi/mptendian: Avoid taking address of fields in packed structs 2018-10-02 19:09:14 +02:00
sd sdhci: add i.MX SD Stable Clock bit 2018-08-20 11:24:32 +01:00
sh4 hw/sh4: Use the IEC binary prefix definitions 2018-07-02 15:41:15 +02:00
smbios hw/smbios: Use the IEC binary prefix definitions 2018-07-02 15:41:12 +02:00
sparc sun4m: don't use legacy fw_cfg_init_mem() function 2018-08-20 19:18:31 +01:00
sparc64 sun4u: implement custom FWPathProvider 2018-09-14 09:18:11 +01:00
ssi aspeed/smc: fix some alignment issues 2018-09-25 15:13:24 +01:00
timer aspeed/timer: fix compile breakage with clang 3.4.2 2018-09-25 15:13:24 +01:00
tpm tpm: extend TPM TIS with state migration support 2018-05-24 12:07:04 -04:00
tricore hw/tricore: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
unicore32 hw/input/i8042: Extract declarations from i386/pc.h into input/i8042.h 2018-03-12 16:12:48 +01:00
usb ohci: set effectively usb frame rate to 1kHz 2018-10-01 10:49:54 +02:00
vfio vfio-pci: make vfio-pci device more QOM conventional 2018-10-15 11:22:29 -06:00
virtio clean up callback when del virtqueue 2018-10-19 11:15:03 +08:00
watchdog qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00
xen xen: Don't use memory_region_init_ram_nomigrate() in pci_assign_dev_load_option_rom() 2018-06-22 13:28:42 +01:00
xenpv hw/xen: Use the IEC binary prefix definitions 2018-07-02 15:41:13 +02:00
xtensa hw/xtensa: Use the IEC binary prefix definitions 2018-07-02 15:41:14 +02:00
Makefile.objs hw: allow compiling out SCSI 2018-06-01 15:14:31 +02:00