[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 01/45] hw/misc/arm_sysctl: Fix bad boundary check on
From: |
Peter Maydell |
Subject: |
[Qemu-devel] [PULL 01/45] hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses |
Date: |
Wed, 26 Feb 2014 18:01:51 +0000 |
Fix incorrect use of sizeof() rather than ARRAY_SIZE() to guard
accesses into the mb_clock[] array, which was allowing a malicious
guest to overwrite the end of the array.
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Paolo Bonzini <address@hidden>
Reviewed-by: Andreas Färber <address@hidden>
Message-id: address@hidden
Cc: address@hidden
---
hw/misc/arm_sysctl.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hw/misc/arm_sysctl.c b/hw/misc/arm_sysctl.c
index 0fc26d2..3fad6f8 100644
--- a/hw/misc/arm_sysctl.c
+++ b/hw/misc/arm_sysctl.c
@@ -276,7 +276,7 @@ static bool vexpress_cfgctrl_read(arm_sysctl_state *s,
unsigned int dcc,
}
break;
case SYS_CFG_OSC:
- if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+ if (site == SYS_CFG_SITE_MB && device < ARRAY_SIZE(s->mb_clock)) {
/* motherboard clock */
*val = s->mb_clock[device];
return true;
@@ -324,7 +324,7 @@ static bool vexpress_cfgctrl_write(arm_sysctl_state *s,
unsigned int dcc,
switch (function) {
case SYS_CFG_OSC:
- if (site == SYS_CFG_SITE_MB && device < sizeof(s->mb_clock)) {
+ if (site == SYS_CFG_SITE_MB && device < ARRAY_SIZE(s->mb_clock)) {
/* motherboard clock */
s->mb_clock[device] = val;
return true;
--
1.9.0
- [Qemu-devel] [PULL 05/45] hw/intc/exynos4210_combiner: Don't overrun output_irq array in init, (continued)
- [Qemu-devel] [PULL 05/45] hw/intc/exynos4210_combiner: Don't overrun output_irq array in init, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 20/45] target-arm: Implement AArch64 dummy MDSCR_EL1, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 14/45] target-arm: Fix raw read and write functions on AArch64 registers, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 13/45] hw: arm_gic_kvm: Add KVM VGIC save/restore logic, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 28/45] target-arm: Implement AArch64 ID and feature registers, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 26/45] target-arm: Implement AArch64 MPIDR, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 08/45] hw/intc/arm_gic: Fix GIC_SET_LEVEL, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 32/45] target-arm: A64: Implement WFI, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 19/45] target-arm: Implement AArch64 TLB invalidate ops, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 02/45] hw/net/stellaris_enet: Avoid unintended sign extension, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 01/45] hw/misc/arm_sysctl: Fix bad boundary check on mb clock accesses,
Peter Maydell <=
- [Qemu-devel] [PULL 09/45] linux-headers: Update from v3.14-rc3, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 21/45] target-arm: Implement AArch64 memory attribute registers, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 18/45] target-arm: Implement AArch64 cache invalidate/clean ops, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 03/45] hw/timer/arm_timer: Avoid array overrun for bad addresses, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 07/45] target-arm: Load correct access bits from ARMv5 level 2 page table descriptors, Peter Maydell, 2014/02/26
- [Qemu-devel] [PULL 06/45] hw/arm/musicpal: Remove nonexistent CDTP2, CDTP3 registers, Peter Maydell, 2014/02/26
- Re: [Qemu-devel] [PULL 00/45] target-arm queue, Peter Maydell, 2014/02/27