diff options
author | Kevin Wolf <kwolf@redhat.com> | 2014-03-26 13:05:33 +0100 |
---|---|---|
committer | Stefan Hajnoczi <stefanha@redhat.com> | 2014-04-01 13:59:47 +0200 |
commit | e3737b820b45e54b059656dc3f914f895ac7a88b (patch) | |
tree | 2f5378471709e413a5e59a5ee85e0ea5453a7a7a /tests/i440fx-test.c | |
parent | 246f65838d19db6db55bfb41117c35645a2c4789 (diff) |
bochs: Check catalog_size header field (CVE-2014-0143)
It should neither become negative nor allow unbounded memory
allocations. This fixes aborts in g_malloc() and an s->catalog_bitmap
buffer overflow on big endian hosts.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'tests/i440fx-test.c')
0 files changed, 0 insertions, 0 deletions