qemu/hw at eae303ff23f51259eddc8856c71453d887ffe51a - qemu - Gitea: Git with a cup of tea

mii/qemu

mirror of https://github.com/mii443/qemu.git synced 2025-09-02 15:19:24 +00:00

Files

History

Michael S. Tsirkin d7f053652f cadence_gem: fix buffer overflow

gem_transmit copies a packet from guest into an tx_packet[2048]
array on stack, with size limited by descriptor length set by guest.  If
guest is malicious and specifies a descriptor length that is too large,
and should packet size exceed array size, this results in a buffer
overflow.

Reported-by: 刘令 <liuling-it@360.cn>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>

2016-02-04 13:22:06 +08:00

..

9pfs: Clean up includes

2016-01-29 15:07:23 +00:00

x86: Clean up includes

2016-01-29 15:07:22 +00:00

alpha: Clean up includes

2016-01-29 15:07:23 +00:00

hw/arm/virt: Add always-on property to the virt board timer

2016-01-21 14:15:07 +00:00

audio: Clean up includes

2016-02-02 13:57:31 +01:00

virtio-blk: Functions for op blocker management

2016-02-02 17:50:46 +01:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw/core: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

cris: Clean up includes

2016-01-29 15:07:24 +00:00

virtio-gpu: block any rendering until client (ui) is done

2016-02-03 10:41:36 +01:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

x86: Clean up includes

2016-01-29 15:07:22 +00:00

macio: add dma_active to VMStateDescription

2016-01-30 23:37:36 +11:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw/intc: Clean up includes

2016-01-29 15:07:24 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

lm32: Clean up includes

2016-01-29 15:07:22 +00:00

m68k: Clean up includes

2016-01-29 15:07:24 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

microblaze: Clean up includes

2016-01-28 11:13:13 +00:00

mips: Clean up includes

2016-01-23 14:30:04 +00:00

ivshmem: use a single eventfd callback, get rid of CharDriver

2016-02-02 13:28:58 +01:00

moxie: Clean up includes

2016-01-29 15:07:25 +00:00

cadence_gem: fix buffer overflow

2016-02-04 13:22:06 +08:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

openrisc: Clean up includes

2016-01-29 15:07:24 +00:00

pci: Clean up includes

2016-01-29 15:07:24 +00:00

pci: Clean up includes

2016-01-29 15:07:24 +00:00

uninorth.c: add support for UniNorth kMacRISCPCIAddressSelect (0x48) register

2016-01-30 23:37:38 +11:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

target-ppc: Helper to determine page size information from hpte alone

2016-01-30 23:49:27 +11:00

s390: Clean up includes

2016-01-29 15:07:22 +00:00

virtio-scsi: Catch BDS-BB removal/insertion

2016-02-02 17:50:46 +01:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

sh4: Clean up includes

2016-01-29 15:07:24 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

sparc: Clean up includes

2016-01-29 15:07:22 +00:00

sparc: Clean up includes

2016-01-29 15:07:22 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

hw/timer: Clean up includes

2016-01-29 15:07:24 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

tricore: Clean up includes

2016-01-29 15:07:25 +00:00

unicore: Clean up includes

2016-01-29 15:07:22 +00:00

ehci: update irq on reset

2016-02-02 14:11:01 +01:00

hw/vfio: Clean up includes

2016-01-29 15:07:24 +00:00

virtio: Clean up includes

2016-01-29 15:07:23 +00:00

hw: Clean up includes

2016-01-29 15:07:25 +00:00

xen: Clean up includes

2016-01-29 15:07:23 +00:00

xen: Clean up includes

2016-01-29 15:07:23 +00:00

xtensa: Clean up includes

2016-01-29 15:07:24 +00:00

Makefile.objs

Add a base IPMI interface

2015-12-22 18:39:19 +02:00