Re: [Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate

qemu-ppc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate_

From:	David Gibson
Subject:	Re: [Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory()
Date:	Wed, 16 Sep 2015 12:24:47 +1000
User-agent:	Mutt/1.5.23 (2014-03-12)

On Tue, Sep 15, 2015 at 09:34:20PM +0200, Thomas Huth wrote:
> The buffer that is allocated in spapr_populate_drconf_memory()
> is used for setting both, the "ibm,dynamic-memory" and the
> "ibm,associativity-lookup-arrays" property. However, only the
> size of the first one is taken into account when allocating the
> memory. So if the length of the second property is larger than
> the length of the first one, we run into a buffer overflow here!
> Fix it by taking the length of the second property into account,
> too.
> 
> Fixes: "spapr: Support ibm,dynamic-reconfiguration-memory" patch
> Signed-off-by: Thomas Huth <address@hidden>

Merged to spapr-next, thanks.

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you.  NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson

pgpKUzTjvYVLE.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory(), Thomas Huth, 2015/09/15
- Re: [Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory(), David Gibson <=

Prev by Date: Re: [Qemu-ppc] [PATCH] spapr_pci: fix device tree props for MSI/MSI-X
Next by Date: Re: [Qemu-ppc] [RFCv2 1/2] spapr: Remove unnecessary owner field from sPAPRDRConnector
Previous by thread: [Qemu-ppc] [PATCH] ppc/spapr: Fix buffer overflow in spapr_populate_drconf_memory()
Next by thread: [Qemu-ppc] [PATCH] spapr_pci: fix device tree props for MSI/MSI-X
Index(es):
- Date
- Thread