mirror of https://gitee.com/openkylin/qemu.git
52f91c3723
CVE-2013-4540 Within scoop_gpio_handler_update, if prev_level has a high bit set, then we get bit > 16 and that causes a buffer overrun. Since prev_level comes from wire indirectly, this can happen on invalid state load. Similarly for gpio_level and gpio_dir. To fix, limit to 16 bit. Reported-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com> |
||
---|---|---|
.. | ||
Makefile.objs | ||
max7310.c | ||
omap_gpio.c | ||
pl061.c | ||
puv3_gpio.c | ||
zaurus.c |