From: Huawei PSIRT <psirt@huawei.com>
To: ppandit@redhat.com, qemu-devel@nongnu.org
Cc: mst@redhat.com, pbonzini@redhat.com, pjp@fedoraproject.org,
yanghongke <yanghongke@huawei.com>,
Huawei PSIRT <PSIRT@huawei.com>,
"Wanglijun (PSIRT)" <wanglijun.wanglijun@huawei.com>
Subject: Re: [Qemu-devel] [PATCH] char: serial: check divider value against baud base
Date: Wed, 12 Oct 2016 09:39:26 +0800 [thread overview]
Message-ID: <001901d22429$79adad50$6d0907f0$@com> (raw)
In-Reply-To: <1476203260-5290-1-git-send-email-ppandit@redhat.com>
Dear,
Thank you very much for your support. And will you assign a CVE-ID for the
issue?
Best regards,
Huawei PSIRT
-----邮件原件-----
发件人: P J P [mailto:ppandit@redhat.com]
发送时间: 2016年10月12日 0:28
收件人: Qemu Developers
抄送: Michael S. Tsirkin; Paolo Bonzini; Huawei PSIRT; Prasad J Pandit
主题: [PATCH] char: serial: check divider value against baud base
From: Prasad J Pandit <pjp@fedoraproject.org>
16550A UART device uses an oscillator to generate frequencies (baud base),
which decide communication speed. This speed could be changed by dividing it
by a divider. If the divider is greater than the baud base, speed is set to
zero, leading to a divide by zero error. Add check to avoid it.
Reported-by: Huawei PSIRT <psirt@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
hw/char/serial.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/char/serial.c b/hw/char/serial.c index 3442f47..f659bbd
100644
--- a/hw/char/serial.c
+++ b/hw/char/serial.c
@@ -153,7 +153,7 @@ static void serial_update_parameters(SerialState *s)
int speed, parity, data_bits, stop_bits, frame_size;
QEMUSerialSetParams ssp;
- if (s->divider == 0)
+ if (s->divider == 0 || s->divider > s->baudbase)
return;
/* Start bit. */
--
2.5.5
prev parent reply other threads:[~2016-10-12 1:40 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-11 16:27 [Qemu-devel] [PATCH] char: serial: check divider value against baud base P J P
2016-10-12 0:57 ` no-reply
2016-10-12 6:07 ` P J P
2016-10-12 1:39 ` Huawei PSIRT [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='001901d22429$79adad50$6d0907f0$@com' \
--to=psirt@huawei.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pjp@fedoraproject.org \
--cc=ppandit@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=wanglijun.wanglijun@huawei.com \
--cc=yanghongke@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.