refer to the new repository

[pve-qemu-kvm.git] / debian / patches / old / CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch

diff --git a/debian/patches/old/CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch b/debian/patches/old/CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch
deleted file mode 100644 (file)
index b46ab48..0000000
--- a/debian/patches/old/CVE-2015-8666-acpi-fix-buffer-overrun-on-migration.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From d9a3b33d2c9f996537b7f1d0246dee2d0120cefb Mon Sep 17 00:00:00 2001
-From: "Michael S. Tsirkin" <mst@redhat.com>
-Date: Thu, 19 Nov 2015 15:14:07 +0200
-Subject: [PATCH] acpi: fix buffer overrun on migration
-
-ich calls acpi_gpe_init with length ICH9_PMIO_GPE0_LEN so
-ICH9_PMIO_GPE0_LEN/2 bytes are allocated, but then the full
-ICH9_PMIO_GPE0_LEN bytes are migrated.
-
-As a quick work-around, allocate twice the memory.
-We'll probably want to tweak code to avoid
-migrating the extra ICH9_PMIO_GPE0_LEN/2 bytes,
-but that is a bit trickier to do without breaking
-migration compatibility.
-
-Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Reported-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
-Cc: qemu-stable@nongnu.org
-Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
----
- hw/acpi/core.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/hw/acpi/core.c b/hw/acpi/core.c
-index fe6215a..21e113d 100644
---- a/hw/acpi/core.c
-+++ b/hw/acpi/core.c
-@@ -625,8 +625,12 @@ void acpi_pm1_cnt_reset(ACPIREGS *ar)
- void acpi_gpe_init(ACPIREGS *ar, uint8_t len)
- {
-     ar->gpe.len = len;
--    ar->gpe.sts = g_malloc0(len / 2);
--    ar->gpe.en = g_malloc0(len / 2);
-+    /* Only first len / 2 bytes are ever used,
-+     * but the caller in ich9.c migrates full len bytes.
-+     * TODO: fix ich9.c and drop the extra allocation.
-+     */
-+    ar->gpe.sts = g_malloc0(len);
-+    ar->gpe.en = g_malloc0(len);
- }
- 
- void acpi_gpe_reset(ACPIREGS *ar)
--- 
-2.1.4
-