openkylin
/
qemu
mirror of https://gitee.com/openkylin/qemu.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
qemu/include
History
Thomas Huth 0f0f8b611e loader: Check access size when calling rom_ptr() to avoid crashes 
The rom_ptr() function allows direct access to the ROM blobs that we
load during startup. However, there are currently no checks for the
size of the accesses, so it's currently possible to crash QEMU for
example with:

$ echo "Insane in the mainframe" > /tmp/test.txt
$ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -append xyz
Segmentation fault (core dumped)
$ s390x-softmmu/qemu-system-s390x -kernel /tmp/test.txt -initrd /tmp/test.txt
Segmentation fault (core dumped)
$ echo -n HdrS > /tmp/hdr.txt
$ sparc64-softmmu/qemu-system-sparc64 -kernel /tmp/hdr.txt -initrd /tmp/hdr.txt
Segmentation fault (core dumped)

We need a possibility to check the size of the ROM area that we want
to access, thus let's add a size parameter to the rom_ptr() function
to avoid these problems.

Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1530005740-25254-1-git-send-email-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
 		2018-07-02 10:37:38 +02:00
..
block block: Remove unused sector-based vectored I/O 2018-06-29 14:20:56 +02:00
chardev chardev: comment details for CLOSED event 2018-06-30 17:50:48 +02:00
crypto Include less of the generated modular QAPI headers 2018-03-02 13:45:50 -06:00
disas RISC-V Disassembler 2018-03-07 08:30:28 +13:00
exec memory/hmp: Print owners/parents in "info mtree" 2018-06-28 19:05:36 +02:00
fpu fpu/softfloat: Specialize on snan_bit_is_one 2018-05-17 15:27:15 -07:00
hw loader: Check access size when calling rom_ptr() to avoid crashes 2018-07-02 10:37:38 +02:00
io qio: non-default context for TLS handshake 2018-03-06 10:19:07 +00:00
libdecnumber Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
migration typedefs: add QJSON 2018-06-15 14:40:56 +01:00
monitor monitor: new parameter "x-oob" 2018-03-27 10:17:45 -05:00
net net: Remove the deprecated "vlan" parameter 2018-05-14 15:47:14 +08:00
qapi block: Add block-specific QDict header 2018-06-15 14:49:44 +02:00
qemu The Darwin host support still needs some more work. It won't make it for 2018-06-29 16:56:45 +01:00
qom exec.c: Handle IOMMUs in address_space_translate_for_iotlb() 2018-06-15 15:23:34 +01:00
scsi pr-manager: add query-pr-managers QMP command 2018-06-28 19:05:35 +02:00
standard-headers linux-headers: Update to kernel mainline commit b357bf602 2018-06-22 13:28:35 +01:00
sysemu s390/ipl: fix ipl with -no-reboot 2018-07-02 10:37:38 +02:00
ui Add gles support to egl-helpers, wire up in egl-headless and gtk. 2018-06-26 13:48:49 +02:00
elf.h linux-user: ARM-FDPIC: Identify ARM FDPIC binaries 2018-05-03 18:25:29 +02:00
glib-compat.h glib: enforce the minimum required version and warn about old APIs 2018-06-29 12:22:28 +01:00
qemu-common.h qemu-options: Bail out on unsupported options instead of silently ignoring them 2018-05-09 00:13:39 +02:00
qemu-io.h qemu-io: Let command functions return error code 2018-06-11 16:18:45 +02:00
trace-tcg.h trace: get rid of generated-events.h/generated-events.c 2016-10-12 09:54:52 +02:00