projects / pve-qemu-kvm.git / blame
| Commit | Line | Data |
|---|---|---|
| 282838af WB |
1 | From 7e0ebfd13e55a706396197437f375692bbf75d15 Mon Sep 17 00:00:00 2001 |
| 2 | From: Prasad J Pandit <pjp@fedoraproject.org> | |
| 3 | Date: Wed, 12 Oct 2016 11:28:08 +0530 | |
| 4 | Subject: [PATCH 2/2] char: serial: check divider value against baud base | |
| 5 | ||
| 6 | 16550A UART device uses an oscillator to generate frequencies | |
| 7 | (baud base), which decide communication speed. This speed could | |
| 8 | be changed by dividing it by a divider. If the divider is | |
| 9 | greater than the baud base, speed is set to zero, leading to a | |
| 10 | divide by zero error. Add check to avoid it. | |
| 11 | ||
| 12 | Reported-by: Huawei PSIRT <psirt@huawei.com> | |
| 13 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | |
| 14 | --- | |
| 15 | hw/char/serial.c | 3 ++- | |
| 16 | 1 file changed, 2 insertions(+), 1 deletion(-) | |
| 17 | ||
| 18 | diff --git a/hw/char/serial.c b/hw/char/serial.c | |
| 19 | index 3442f47..eec72b7 100644 | |
| 20 | --- a/hw/char/serial.c | |
| 21 | +++ b/hw/char/serial.c | |
| 22 | @@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s) | |
| 23 | int speed, parity, data_bits, stop_bits, frame_size; | |
| 24 | QEMUSerialSetParams ssp; | |
| 25 | ||
| 26 | - if (s->divider == 0) | |
| 27 | + if (s->divider == 0 || s->divider > s->baudbase) { | |
| 28 | return; | |
| 29 | + } | |
| 30 | ||
| 31 | /* Start bit. */ | |
| 32 | frame_size = 1; | |
| 33 | -- | |
| 34 | 2.1.4 | |
| 35 |