]> git.proxmox.com Git - mirror_qemu.git/commit - tests/qemu-iotests/078.out
projects / mirror_qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 246f658) | patch
bochs: Check catalog_size header field (CVE-2014-0143)
authorKevin Wolf <kwolf@redhat.com>
Wed, 26 Mar 2014 12:05:33 +0000 (13:05 +0100)
committerStefan Hajnoczi <stefanha@redhat.com>
Tue, 1 Apr 2014 11:59:47 +0000 (13:59 +0200)
commite3737b820b45e54b059656dc3f914f895ac7a88b
tree2f5378471709e413a5e59a5ee85e0ea5453a7a7atree
parent246f65838d19db6db55bfb41117c35645a2c4789commit | diff
bochs: Check catalog_size header field (CVE-2014-0143)

It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
block/bochs.c diff | blob | blame | history
tests/qemu-iotests/078 diff | blob | blame | history
tests/qemu-iotests/078.out diff | blob | blame | history
QEMU mirror