segfault due to buffer overrun in usb-serial

This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used, yet the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to be overwritten with
random data.

Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
1 file changed
tree: fe08cdf3b851f07c72eb46146e63cfebed1984cd