Michael S. Tsirkin 894f179e8d tsc210x: fix buffer overrun on invalid state load ...

CVE-2013-4539

s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.

Validate after load to avoid buffer overrun.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 5193be3be3)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

2014-07-20 22:05:55 -05:00

..

adb.c

…

hid.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

lm832x.c

lm832x: QOM'ify

2014-02-14 16:22:32 +01:00

Makefile.objs

hw: move timer devices to hw/timer/, configure with default-configs/

2013-04-08 18:13:14 +02:00

milkymist-softusb.c

milkymist-softusb: QOM cast cleanup

2013-07-29 21:06:57 +02:00

pckbd.c

pckbd: return 'keyboard enabled' on read input port command

2014-03-09 21:09:38 +02:00

pl050.c

pl050: QOM'ify pl050_keyboard and pl050_mouse

2013-07-29 21:06:57 +02:00

ps2.c

…

pxa2xx_keypad.c

pxa27x: Add 'const' attribute to keyboard maps

2014-01-01 18:03:55 +04:00

stellaris_input.c

arm: fix location of some include files

2013-04-15 15:16:01 +02:00

tsc210x.c

tsc210x: fix buffer overrun on invalid state load

2014-07-20 22:05:55 -05:00

tsc2005.c

aio / timers: Switch entire codebase to the new timer API

2013-08-22 19:14:24 +02:00

vmmouse.c

isa: Clean up use of cannot_instantiate_with_device_add_yet

2013-12-23 00:27:23 +01:00