
From: Laszlo Ersek
Subject: Re: [Qemu-devel] [PATCH for-1.4 v2] target-i386: kvm: prevent buffer overflow if -cpu foo, [x]level is too big
Date: Mon, 28 Jan 2013 13:01:48 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130108 Thunderbird/10.0.12

On 01/28/13 12:49, Igor Mammedov wrote:
> Stack corruption may occur if too big 'level' or 'xlevel' values are passed
> on the command line with KVM enabled, due to the limited size of cpuid_data
> in kvm_arch_init_vcpu().
> 
> reproduces with:
>  qemu -enable-kvm -cpu qemu64,level=4294967295
> or
>  qemu -enable-kvm -cpu qemu64,xlevel=4294967295
> 
> Check if there is space in cpuid_data before passing it to cpu_x86_cpuid()
> or abort() if there is no space.
> 
> Signed-off-by: Igor Mammedov <address@hidden>
> ---
>   * v2:
>     * use macro instead of const int max_cpuid_entries to fix build breakage
>       in C99 mode. Suggested-By: Laszlo Ersek <address@hidden>
>     * compare with array index instead of address of the last element
>       Suggested-By: Marcelo Tosatti <address@hidden>
> 
> ---
>  target-i386/kvm.c |   25 ++++++++++++++++++++++++-
>  1 files changed, 24 insertions(+), 1 deletions(-)

Reviewed-by: Laszlo Ersek <address@hidden>
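The defect and the fix described in the quoted commit message, reduced to a stand-alone C model. This is an added illustration, not QEMU's code: the entry layout, the buffer size `MAX_CPUID_ENTRIES` and the `fake_cpuid()` stand-in for `cpu_x86_cpuid()` are all constructed here. The two loops mirror the shape of the real ones (basic leaves from 0 up to `level`, extended leaves from 0x80000000 up to `xlevel`); with an unchecked loop and `level=4294967295` every iteration would write past the array and, since a `uint32_t` counter can never exceed UINT32_MAX, the loop would not even terminate on its own. The index-against-capacity check is what the v2 patch adds; here it returns -1 instead of calling abort() so the result can be inspected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the fixed-size cpuid buffer in this model; it is not
 * QEMU's actual value. */
#define MAX_CPUID_ENTRIES 100

/* Constructed, simplified shape of one cpuid entry. */
struct cpuid_entry {
    uint32_t function;
    uint32_t eax, ebx, ecx, edx;
};

/* Stand-in for cpu_x86_cpuid(): fills one entry with synthetic values. */
static void fake_cpuid(uint32_t function, struct cpuid_entry *e)
{
    memset(e, 0, sizeof(*e));
    e->function = function;
    e->eax = function ^ 0xA5A5A5A5u;
}

/* Fill entries for leaves first..last inclusive.  The bounds test compares
 * the write index against the capacity (as the v2 patch does) before every
 * write, so the buffer can never be overrun even though the leaf counter
 * itself may be about to reach UINT32_MAX.  The loop exits by comparing the
 * leaf just written against `last`, which avoids counter wraparound.
 * Returns 0 on success, -1 if the buffer is full. */
static int fill_range(uint32_t first, uint32_t last,
                      struct cpuid_entry *entries, size_t max, size_t *n)
{
    uint32_t fn = first;

    for (;;) {
        if (*n >= max) {
            return -1;          /* would overflow cpuid_data: stop here */
        }
        fake_cpuid(fn, &entries[(*n)++]);
        if (fn == last) {
            return 0;
        }
        fn++;
    }
}

/* Returns the number of entries written, or -1 if level/xlevel would need
 * more than `max` entries.  Extended leaves only exist when xlevel is at
 * least 0x80000000, matching the loop bounds in the real code. */
int fill_cpuid_entries(uint32_t level, uint32_t xlevel,
                       struct cpuid_entry *entries, size_t max)
{
    size_t n = 0;

    if (fill_range(0, level, entries, max, &n) < 0) {
        return -1;
    }
    if (xlevel >= 0x80000000u &&
        fill_range(0x80000000u, xlevel, entries, max, &n) < 0) {
        return -1;
    }
    return (int)n;
}

/* Convenience wrapper: run a level/xlevel pair against a buffer of the
 * modelled size and report the outcome. */
int try_cpuid_config(uint32_t level, uint32_t xlevel)
{
    struct cpuid_entry entries[MAX_CPUID_ENTRIES];
    return fill_cpuid_entries(level, xlevel, entries, MAX_CPUID_ENTRIES);
}

int main(void)
{
    /* sane configuration: 5 basic + 9 extended leaves */
    printf("level=4 xlevel=0x80000008 -> %d\n", try_cpuid_config(4, 0x80000008u));
    /* the two reproducers from the commit message */
    printf("level=4294967295 -> %d\n", try_cpuid_config(4294967295u, 0x80000000u));
    printf("xlevel=4294967295 -> %d\n", try_cpuid_config(4, 4294967295u));
    return 0;
}
```

In the real patch the negative path calls abort() inside kvm_arch_init_vcpu(); the point either way is that the check happens before the write, on an index compared with the capacity, rather than after the fact on a pointer to the last element.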
