"Michael S. Tsirkin" <m...@redhat.com> wrote:
> CVE-2013-4531
>
> cpreg_vmstate_indexes is a VARRAY_INT32. A negative value for
> cpreg_vmstate_array_len will cause a buffer overflow.
>
> VMSTATE_INT32_LE was supposed to protect against this
> but doesn't because it doesn't validate that input is
> non-negative.
>
> Fix this macro to validate the value appropriately.
>
> The only other user of VMSTATE_INT32_LE doesn't
> ever use negative numbers so it doesn't care.
>
> Reported-by: Anthony Liguori <anth...@codemonkey.ws>
> Signed-off-by: Michael S. Tsirkin <m...@redhat.com>

Reviewed-by: Juan Quintela <quint...@redhat.com>

Integrated.
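
The missing lower bound described in the quoted commit message, as an added C example that is not part of this thread and is not QEMU's code: the function names, `ARRAY_CAP`, the `uint64_t` element type and the sample length fields are constructed for illustration. It computes the copy size a loader would derive from the length field and never performs the copy.

```c
#include <stdint.h>
#include <stdio.h>
#define ARRAY_CAP 8 /* constructed: elements allocated for the array */

/* Constructed length fields as they would appear in an untrusted stream. */
static const uint8_t FIELD_OK[4]  = {0x00, 0x00, 0x00, 0x04}; /* 4  */
static const uint8_t FIELD_BIG[4] = {0x00, 0x00, 0x00, 0x09}; /* 9  */
static const uint8_t FIELD_NEG[4] = {0xff, 0xff, 0xff, 0xff}; /* -1 */

/* Decode a big-endian signed 32-bit field without relying on casts. */
static int32_t read_be32(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                 ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return v <= INT32_MAX ? (int32_t)v : -(int32_t)(~v) - 1;
}

/* Upper bound only: a negative value passes "loaded <= *len". */
static int le_check_upper_only(int32_t loaded, int32_t *len)
{
    if (loaded <= *len) { *len = loaded; return 0; }
    return -1;
}

/* Upper bound plus the non-negative test the commit message calls for. */
static int le_check_nonneg(int32_t loaded, int32_t *len)
{
    if (loaded >= 0 && loaded <= *len) { *len = loaded; return 0; }
    return -1;
}

/* 0 and *nbytes = size a loader would copy, or -1 if the field is rejected. */
static int plan_copy(const uint8_t *field,
                     int (*check)(int32_t, int32_t *), size_t *nbytes)
{
    int32_t len = ARRAY_CAP;
    if (check(read_be32(field), &len) != 0)
        return -1;
    *nbytes = (size_t)len * sizeof(uint64_t); /* negative len wraps here */
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("upper-only: %d\n", plan_copy(FIELD_NEG, le_check_upper_only, &n));
    printf("non-negative: %d\n", plan_copy(FIELD_NEG, le_check_nonneg, &n));
    return 0;
}
```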