[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 23/23] savevm: fix potential segfault on invalid st
|
From: |
Michael S. Tsirkin |
|
Subject: |
[Qemu-stable] [PATCH 23/23] savevm: fix potential segfault on invalid state |
|
Date: |
Tue, 3 Dec 2013 18:29:26 +0200 |
savevm will segfault if version_id < vmsd->minimum_version_id &&
version_id >= vmsd->minimum_version_id_old
This calls through a NULL pointer. This is a bug (should
exit not crash).
Signed-off-by: Michael S. Tsirkin <address@hidden>
---
savevm.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/savevm.c b/savevm.c
index 3f912dd..04349f6 100644
--- a/savevm.c
+++ b/savevm.c
@@ -1686,6 +1686,9 @@ int vmstate_load_state(QEMUFile *f, const
VMStateDescription *vmsd,
return -EINVAL;
}
if (version_id < vmsd->minimum_version_id) {
+ if (!vmsd->load_state_old) {
+ return -EINVAL;
+ }
return vmsd->load_state_old(f, opaque, version_id);
}
if (vmsd->pre_load) {
--
MST
- [Qemu-stable] [PATCH 20/23] zaurus: fix buffer overrun on invalid state load, (continued)
- [Qemu-stable] [PATCH 20/23] zaurus: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 19/23] tsc210x: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 11/23] stellaris_enet: avoid buffer overrun on incoming migration (part 2), Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 21/23] usb: sanity check setup_index+setup_len in post_load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 22/23] virtio-scsi: fix buffer overrun on invalid state load, Michael S. Tsirkin, 2013/12/03
- [Qemu-stable] [PATCH 23/23] savevm: fix potential segfault on invalid state,
Michael S. Tsirkin <=
- [Qemu-stable] [PATCH 04/23] virtio: out-of-bounds buffer write on invalid state load, Michael S. Tsirkin, 2013/12/03
- Re: [Qemu-stable] [Qemu-devel] [PATCH 00/23] qemu state loading issues, Peter Maydell, 2013/12/03