qemu-stable
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-stable] [PATCH v5 12/24] vmstate: fix buffer overflow in targe


From: Juan Quintela
Subject: Re: [Qemu-stable] [PATCH v5 12/24] vmstate: fix buffer overflow in target-arm/machine.c
Date: Fri, 04 Apr 2014 11:43:16 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

"Michael S. Tsirkin" <address@hidden> wrote:
> CVE-2013-4531
>
> cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
> cpreg_vmstate_array_len will cause a buffer overflow.
>
> VMSTATE_INT32_LE was supposed to protect against this
> but doesn't because it doesn't validate that input is
> non-negative.
>
> Fix this macro to valide the value appropriately.
>
> The only other user of VMSTATE_INT32_LE doesn't
> ever use negative numbers so it doesn't care.
>
> Reported-by: Anthony Liguori <address@hidden>
> Signed-off-by: Michael S. Tsirkin <address@hidden>

Reviewed-by: Juan Quintela <address@hidden>

Integrated.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]