projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91a743b) | patch
hw/cxl: Check input length is large enough in cmd_events_clear_records()
authorJonathan Cameron <Jonathan.Cameron@huawei.com>
Fri, 1 Nov 2024 13:39:10 +0000 (13:39 +0000)
committerMichael S. Tsirkin <mst@redhat.com>
Mon, 4 Nov 2024 21:03:25 +0000 (16:03 -0500)
commitf4a12ba66bebfe200d7f56015c1cd5af321ab152
tree120f00aa699323e08b7642f9740fb941752b5c33tree | snapshot
parent91a743bd021a262af61c79cc35f0b634b2fcf3adcommit | diff
hw/cxl: Check input length is large enough in cmd_events_clear_records()

Buggy software might write a message that is too short for
either the header, or the header + the event data that is specified
in the header.  This may result in accesses beyond the range of the
message allocated as a duplicate of the incoming message buffer.

Reported-by: Esifiel <esifiel@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20241101133917.27634-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/cxl/cxl-mailbox-utils.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.