Re: [Qemu-devel] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load

2014-03-31 Thread Peter Maydell
On 31 March 2014 15:17, Michael S. Tsirkin wrote:
> CVE-2013-4539
>
> s->precision, nextprecision, function and nextfunction
> come from wire and are used
> as idx into resolution[] in TSC_CUT_RESOLUTION.
>
> Validate after load to avoid buffer overrun.
>
> Cc: Andreas Färber
> Signed-off-by: Mic

[Qemu-devel] [PATCH v4 22/30] tsc210x: fix buffer overrun on invalid state load

2014-03-31 Thread Michael S. Tsirkin
CVE-2013-4539

s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.

Validate after load to avoid buffer overrun.

Cc: Andreas Färber
Signed-off-by: Michael S. Tsirkin
---
hw/input/tsc210x.c | 12
1 file c