aboutsummaryrefslogtreecommitdiff
path: root/hw/scsi/virtio-scsi.c
diff options
context:
space:
mode:
authorGonglei <arei.gonglei@huawei.com>2017-01-03 14:50:03 +0800
committerMichael S. Tsirkin <mst@redhat.com>2017-01-10 05:56:58 +0200
commita08aaff811fb194950f79711d2afe5a892ae03a4 (patch)
tree4e7cc30b7d82c0494e7ae3dfdde88b69be332736 /hw/scsi/virtio-scsi.c
parent8cdcf3c1e58d04b6811956d7608efeb66c42d719 (diff)
virtio-crypto: fix possible integer and heap overflow
Because the 'size_t' type is 4 bytes in 32-bit platform, which is the same with 'int'. It's easy to make 'max_len' to zero when integer overflow and then cause heap overflow if 'max_len' is zero. Using uint_64 instead of size_t to avoid the integer overflow. Cc: qemu-stable@nongnu.org Reported-by: Li Qiang <liqiang6-s@360.cn> Signed-off-by: Gonglei <arei.gonglei@huawei.com> Tested-by: Li Qiang <liqiang6-s@360.cn> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/scsi/virtio-scsi.c')
0 files changed, 0 insertions, 0 deletions