WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 

xen-devel

[Xen-devel] Qemu PCI potential buffer overrun patch

To: "Xen devel list" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] Qemu PCI potential buffer overrun patch
From: "Zulauf, John" <john.zulauf@xxxxxxxxx>
Date: Wed, 7 Feb 2007 13:37:22 -0800

I've been digging around the guts of ioemu's pci support and noticed
that it is possible for a pci_register_device (in tools/ioemu/hw/pci.c)
to create a device structure s.t. it will buffer overflow before
completing the routine (when it sets the irq value).

The attached patch makes sure that the instance size as specified is at
least as big as a PCIDevice structure that the routine is filling out.

John Zulauf
Intel Corporation

== Views expressed reflect only those of the author, not his employer ==


Attachment: pci.patch
Description: pci.patch

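
The size check the message describes, as an added example that is not part of the original post or the attached patch. `BaseDev`, `NicDev` and `register_device` are hypothetical, simplified stand-ins for PCIDevice, a device model built on it, and the registration routine.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-in for PCIDevice (assumption: the real structure has more fields). */
typedef struct BaseDev {
    unsigned char config[256];
    char name[64];
    int devfn;
    int irq_index;              /* written last by the registration routine */
} BaseDev;

/* A device model embeds the base structure first and appends its own state. */
typedef struct NicDev {
    BaseDev dev;
    unsigned char mac[6];
} NicDev;

/*
 * Hypothetical registration routine. The caller picks instance_size so that it
 * gets a derived structure back, but every write below touches BaseDev fields,
 * so a size smaller than sizeof(BaseDev) must be rejected before allocating.
 */
BaseDev *register_device(const char *name, size_t instance_size, int devfn)
{
    static int next_irq;
    BaseDev *d;

    if (instance_size < sizeof(BaseDev))
        return NULL;            /* without this, the field writes run past the allocation */

    d = calloc(1, instance_size);
    if (d == NULL)
        return NULL;
    snprintf(d->name, sizeof(d->name), "%s", name);
    d->devfn = devfn;
    d->irq_index = next_irq++;  /* last write, at the highest offset in BaseDev */
    return d;
}

int main(void)
{
    BaseDev *ok = register_device("nic", sizeof(NicDev), 8);
    BaseDev *bad = register_device("tiny", 16, 16);   /* constructed undersized request */
    printf("nic: %s, tiny: %s\n", ok ? "registered" : "rejected",
           bad ? "registered" : "rejected");
    free(ok);
    return 0;
}
```

Building the unchecked variant with `-fsanitize=address` reports the out-of-bounds heap write at the first field store, which is a quick way to confirm that a registration path lacks the check.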