Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
xen.11319
CVE-2018-18438-qemuu-010-integer-overflow-in-cc...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-18438-qemuu-010-integer-overflow-in-ccid_card_vscard_read-allows-memory-corruption.patch of Package xen.11319
References: bsc#1112188 CVE-2018-18438 Since IOCanReadHandler now returns an unsigned value, the assertion does not make sense anymore. We choose however to keep a "fail-safe" assertion to catch undesired overflows. Suggested-by: Paolo Bonzini <address@hidden> Signed-off-by: Philippe Mathieu-Daudé <address@hidden> --- chardev/char.c | 17 +++++++++-------- include/chardev/char.h | 9 +++++---- include/sysemu/replay.h | 8 ++++---- replay/replay-char.c | 8 ++++---- stubs/replay.c | 8 ++++---- 5 files changed, 26 insertions(+), 24 deletions(-) Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/qemu-char.c =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/qemu-char.c +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/qemu-char.c @@ -152,7 +152,7 @@ int qemu_chr_fe_ioctl(CharDriverState *s return s->chr_ioctl(s, cmd, arg); } -int qemu_chr_be_can_write(CharDriverState *s) +size_t qemu_chr_be_can_write(CharDriverState *s) { int res; if (!s->chr_can_read) @@ -162,7 +162,7 @@ int qemu_chr_be_can_write(CharDriverStat return res; } -void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, int len) +void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, size_t len) { if (s->chr_read) { s->chr_read(s->handler_opaque, buf, len); Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/sysemu/char.h =================================================================== --- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/include/sysemu/char.h +++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/include/sysemu/char.h @@ -243,7 +243,7 @@ void qemu_chr_fe_release(CharDriverState * * Returns: the number of bytes the front end can receive via @qemu_chr_be_write */ -int qemu_chr_be_can_write(CharDriverState *s); +size_t qemu_chr_be_can_write(CharDriverState *s); /** * @qemu_chr_be_write: @@ -255,7 +255,7 @@ int qemu_chr_be_can_write(CharDriverStat * @buf a buffer to receive data from the front end * @len the number of bytes to receive from the front end */ -void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, int len); +void qemu_chr_be_write(CharDriverState *s, uint8_t *buf, size_t len); /**
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor