qemu/hw/input
Michael S. Tsirkin 5193be3be3 tsc210x: fix buffer overrun on invalid state load
CVE-2013-4539

s->precision, nextprecision, function and nextfunction
come from wire and are used
as idx into resolution[] in TSC_CUT_RESOLUTION.

Validate after load to avoid buffer overrun.

Cc: Andreas Färber <afaerber@suse.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-05-05 22:15:02 +02:00
..
Makefile.objs hw: move timer devices to hw/timer/, configure with default-configs/ 2013-04-08 18:13:14 +02:00
adb.c hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
hid.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
lm832x.c lm832x: QOM'ify 2014-02-14 16:22:32 +01:00
milkymist-softusb.c milkymist-softusb: QOM cast cleanup 2013-07-29 21:06:57 +02:00
pckbd.c pckbd: return 'keyboard enabled' on read input port command 2014-03-09 21:09:38 +02:00
pl050.c pl050: QOM'ify pl050_keyboard and pl050_mouse 2013-07-29 21:06:57 +02:00
ps2.c hw: move target-independent files to subdirectories 2013-04-08 18:13:12 +02:00
pxa2xx_keypad.c pxa27x: Add 'const' attribute to keyboard maps 2014-01-01 18:03:55 +04:00
stellaris_input.c arm: fix location of some include files 2013-04-15 15:16:01 +02:00
tsc210x.c tsc210x: fix buffer overrun on invalid state load 2014-05-05 22:15:02 +02:00
tsc2005.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
vmmouse.c isa: Clean up use of cannot_instantiate_with_device_add_yet 2013-12-23 00:27:23 +01:00