summaryrefslogtreecommitdiff
path: root/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch')
-rw-r--r--app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch30
1 files changed, 0 insertions, 30 deletions
diff --git a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch b/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
deleted file mode 100644
index a27d3a6fb19..00000000000
--- a/app-emulation/qemu/files/qemu-2.7.0-CVE-2016-8668.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Prasad J Pandit <address@hidden>
-
-Rocker network switch emulator has test registers to help debug
-DMA operations. While testing host DMA access, a buffer address
-is written to register 'TEST_DMA_ADDR' and its size is written to
-register 'TEST_DMA_SIZE'. When performing TEST_DMA_CTRL_INVERT
-test, if DMA buffer size was greater than 'INT_MAX', it leads to
-an invalid buffer access. Limit the DMA buffer size to avoid it.
-
-Reported-by: Huawei PSIRT <address@hidden>
-Signed-off-by: Prasad J Pandit <address@hidden>
----
- hw/net/rocker/rocker.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c
-index 30f2ce4..e9d215a 100644
---- a/hw/net/rocker/rocker.c
-+++ b/hw/net/rocker/rocker.c
-@@ -860,7 +860,7 @@ static void rocker_io_writel(void *opaque, hwaddr addr, uint32_t val)
- rocker_msix_irq(r, val);
- break;
- case ROCKER_TEST_DMA_SIZE:
-- r->test_dma_size = val;
-+ r->test_dma_size = val & 0xFFFF;
- break;
- case ROCKER_TEST_DMA_ADDR + 4:
- r->test_dma_addr = ((uint64_t)val) << 32 | r->lower32;
---
-2.5.5
generated by cgit v1.2.1 (git 2.18.0) at 2024-09-02 11:40:13 +0000