From: P J P
Date: Tue, 5 Jan 2016 20:25:22 +0530
Message-Id: <1452005723-1494-1-git-send-email-ppandit@redhat.com>
Subject: [Qemu-devel] [PATCH for v2.3.0] fw_cfg: add check to validate current entry value
To: Qemu devel
Cc: Stefan Weil, Prasad J Pandit, Peter Maydell

From: Prasad J Pandit

Hello,

An OOB r/w access issue was reported by Mr Donghai Zdh, CC'd here. It occurs while processing firmware configurations in Qemu versions prior to 2.4. The OOB memory access crashes the Qemu process on the host.

Please see below a (tested) patch to fix this issue. Does it look okay?

Thank you!

Prasad J Pandit (1):
  fw_cfg: add check to validate current entry value

 hw/nvram/fw_cfg.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

--
2.4.3