3 changed files with 37 additions and 13 deletions
@ -1,12 +0,0 @@ |
|||
https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html |
|||
--- hw/acpi/pcihp.c.orig 2014-08-27 12:53:38.200621592 +0000
|
|||
+++ hw/acpi/pcihp.c 2014-08-27 12:53:58.390518561 +0000
|
|||
@@ -231,7 +231,7 @@
|
|||
uint32_t val = 0; |
|||
int bsel = s->hotplug_select; |
|||
|
|||
- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
|
|||
+ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
|
|||
return 0; |
|||
} |
|||
|
|||
@ -0,0 +1,36 @@ |
|||
https://bugs.gentoo.org/520688 |
|||
|
|||
From fa365d7cd11185237471823a5a33d36765454e16 Mon Sep 17 00:00:00 2001 |
|||
From: Gonglei <arei.gonglei@huawei.com> |
|||
Date: Wed, 20 Aug 2014 13:52:30 +0800 |
|||
Subject: [PATCH] pcihp: fix possible array out of bounds |
|||
|
|||
Prevent out-of-bounds array access on |
|||
acpi_pcihp_pci_status. |
|||
|
|||
Signed-off-by: Gonglei <arei.gonglei@huawei.com> |
|||
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> |
|||
Reviewed-by: Michael S. Tsirkin <mst@redhat.com> |
|||
Signed-off-by: Michael S. Tsirkin <mst@redhat.com> |
|||
Cc: qemu-stable@nongnu.org |
|||
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com> |
|||
---
|
|||
hw/acpi/pcihp.c | 2 +- |
|||
1 file changed, 1 insertion(+), 1 deletion(-) |
|||
|
|||
diff --git a/hw/acpi/pcihp.c b/hw/acpi/pcihp.c
|
|||
index fae663a..34dedf1 100644
|
|||
--- a/hw/acpi/pcihp.c
|
|||
+++ b/hw/acpi/pcihp.c
|
|||
@@ -231,7 +231,7 @@ static uint64_t pci_read(void *opaque, hwaddr addr, unsigned int size)
|
|||
uint32_t val = 0; |
|||
int bsel = s->hotplug_select; |
|||
|
|||
- if (bsel < 0 || bsel > ACPI_PCIHP_MAX_HOTPLUG_BUS) {
|
|||
+ if (bsel < 0 || bsel >= ACPI_PCIHP_MAX_HOTPLUG_BUS) {
|
|||
return 0; |
|||
} |
|||
|
|||
--
|
|||
2.0.0 |
|||
|
|||
Loading…
Reference in new issue