david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
QEMU-Nyx-fork/hw
History
Paolo Bonzini b68cb06093 m25p80: avoid out of bounds accesses 
s->cur_addr can be made to point outside s->storage, either by
writing a value >= 128 to s->ear (because s->ear * MAX_3BYTES_SIZE
is a signed integer and sign-extends into the 64-bit cur_addr),
or just by writing an address beyond the size of the flash being
emulated.  Avoid the sign extension to make the code cleaner, and
on top of that mask s->cur_addr to s->size.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Message-id: 1467138270-32481-4-git-send-email-clg@kaod.org
Reviewed by: Marcin Krzeminski <marcin.krzeminski@nokia.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2016-07-04 13:15:22 +01:00
..
9pfs
9p: synth: drop v9fs_ prefix
2016-07-01 14:38:54 +02:00
acpi
pc: use new CPU hotplug interface since 2.7 machine type
2016-06-24 05:21:38 +03:00
alpha
trace: split out trace events for hw/alpha/ directory
2016-06-20 17:22:17 +01:00
arm
ssi: change ssi_slave_init to be a realize ops
2016-07-04 13:15:22 +01:00
audio
pcspk: fix KVM
2016-06-30 19:00:02 +01:00
block
m25p80: avoid out of bounds accesses
2016-07-04 13:15:22 +01:00
bt
bt: rewrite csrhci_write to avoid out-of-bounds writes
2016-05-29 09:11:11 +02:00
char
* serial port fixes (Paolo)
2016-06-29 19:14:48 +01:00
core
register: Add block initialise helper
2016-07-04 13:15:22 +01:00
cpu
cpu: Abstract CPU core type
2016-06-17 16:33:48 +10:00
cris
hw/char: QOM'ify etraxfs_ser.c
2016-05-29 09:11:10 +02:00
display
ssi: change ssi_slave_init to be a realize ops
2016-07-04 13:15:22 +01:00
dma
dma: Add Xilinx Zynq devcfg device model
2016-07-04 13:15:22 +01:00
gpio
hw/gpio: QOM'ify zaurus.c
2016-06-14 15:59:13 +01:00
i2c
ICH9 SMB: make TYPE_ICH9_SMB_DEVICE macro public
2016-06-29 14:03:46 +02:00
i386
intel_iommu: Throw hw_error on notify_started
2016-06-30 13:00:24 -06:00
ide
* serial port fixes (Paolo)
2016-06-29 19:14:48 +01:00
input
pckbd: handle A20 IRQ as GPIO
2016-06-29 14:03:46 +02:00
intc
armv7m_nvic: Use qemu_get_cpu(0) instead of current_cpu
2016-07-04 13:15:22 +01:00
ipack
ipack: Update e-mail address
2016-05-18 15:04:27 +03:00
ipmi
hw/ipmi: fix spelling
2016-06-07 18:02:48 +03:00
isa
ich9: implement SCI_IRQ_SEL register
2016-06-29 14:03:48 +02:00
lm32
hw/char: QOM'ify milkymist-uart.c
2016-05-29 09:11:10 +02:00
m68k
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
mem
nvdimm: support nvdimm label
2016-06-24 05:13:57 +03:00
microblaze
hw/char: QOM'ify xilinx_uartlite model
2016-06-06 16:59:32 +01:00
mips
mips: use MIPSCPU instead of CPUMIPSState
2016-05-19 16:42:27 +02:00
misc
ssi: change ssi_slave_init to be a realize ops
2016-07-04 13:15:22 +01:00
moxie
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
net
vmxnet3: Fix reading/writing guest memory specially when behind an IOMMU
2016-06-28 10:13:57 +08:00
nvram
trace: split out trace events for hw/nvram/ directory
2016-06-20 17:22:15 +01:00
openrisc
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
pci
trace: split out trace events for hw/pci/ directory
2016-06-20 17:22:16 +01:00
pci-bridge
fix some coding style problems
2016-06-17 03:28:03 +03:00
pci-host
Q35: implement property interfece to several parameters
2016-06-29 14:03:46 +02:00
pcmcia
hw: Clean up includes
2016-01-29 15:07:25 +00:00
ppc
spapr: drop duplicate variable in spapr_core_release()
2016-07-01 13:41:47 +10:00
s390x
virtio-ccw: convert to ioeventfd callbacks
2016-06-24 08:47:35 +03:00
scsi
* serial port fixes (Paolo)
2016-06-29 19:14:48 +01:00
sd
ssi: change ssi_slave_init to be a realize ops
2016-07-04 13:15:22 +01:00
sh4
hw/sh4/sh_pci.c: Use ldl_le_p() and stl_le_p()
2016-06-28 15:09:32 +01:00
smbios
ipmi: Add SMBIOS table entry
2016-06-24 05:13:57 +03:00
sparc
trace: split out trace events for hw/sparc/ directory
2016-06-20 17:22:16 +01:00
sparc64
util: move declarations out of qemu-common.h
2016-03-22 22:20:17 +01:00
ssi
ssi: change ssi_slave_init to be a realize ops
2016-07-04 13:15:22 +01:00
timer
MC146818 RTC: add GPIO access to output IRQ
2016-06-29 14:03:46 +02:00
tpm
tpm: Fix write to file descriptor function
2016-04-13 19:52:34 +03:00
tricore
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
unicore32
hw: explicitly include qemu-common.h and cpu.h
2016-03-22 22:20:17 +01:00
usb
usb-uas: hotplug support
2016-06-22 12:53:26 +02:00
vfio
memory: Add MemoryRegionIOMMUOps.notify_started/stopped callbacks
2016-06-30 13:00:23 -06:00
virtio
virtio-bus: remove old set_host_notifier callback
2016-06-24 08:47:35 +03:00
watchdog
nmi: remove x86 specific nmi handling
2016-05-23 16:53:46 +02:00
xen
xen: move xen_sysdev to xen_backend.c
2016-06-22 11:28:42 +01:00
xenpv
xen: move xen_sysdev to xen_backend.c
2016-06-22 11:28:42 +01:00
xtensa
replace muldiv64(a, b, c) by (uint64_t)a * b / c
2016-06-07 18:02:49 +03:00
Makefile.objs
Add a base IPMI interface
2015-12-22 18:39:19 +02:00