+-- On Thu, 25 Jan 2018, Gerd Hoffmann wrote --+
| Ok, finally queueed up v1 for merge.
Okay, cool. Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
Hi,
> > v1 fixes this bug, v2 doesn't.
> >
> > So, I'm tempted to just rip out the whole backward compatibility buffer
> > shuffling logic. Or take v1 of this patch.
>
> I think v1 is OK.
Ok, finally queueed up v1 for merge.
thanks,
Gerd
* Gerd Hoffmann (kra...@redhat.com) wrote:
> > > diff --git a/hw/input/ps2.c b/hw/input/ps2.c
> > > index f388a23c8e..de171a28dd 100644
> > > --- a/hw/input/ps2.c
> > > +++ b/hw/input/ps2.c
> > > @@ -1225,24 +1225,21 @@ static void ps2_common_reset(PS2State *s)
> > > static void ps2_common_post_lo
> > diff --git a/hw/input/ps2.c b/hw/input/ps2.c
> > index f388a23c8e..de171a28dd 100644
> > --- a/hw/input/ps2.c
> > +++ b/hw/input/ps2.c
> > @@ -1225,24 +1225,21 @@ static void ps2_common_reset(PS2State *s)
> > static void ps2_common_post_load(PS2State *s)
> > {
> > PS2Queue *q = &s->queue
+-- On Thu, 16 Nov 2017, Paolo Bonzini wrote --+
| you don't need to change the invalid values to sane ones. Instead, make
| ps2_common_post_load return an int (just like the .post_load member of
| VMStateDescription). You can then detect out of range count/rptr/wptr
| and return -1 for bad indic
On 16/11/2017 08:51, P J P wrote:
> From: Prasad J Pandit
>
> During Qemu guest migration, a destination process invokes ps2
> post_load function. In that, if 'rptr' and 'count' values were
> invalid, it could lead to OOB access or infinite loop issue.
> Add check to avoid it.
>
> Reported-by: C
From: Prasad J Pandit
During Qemu guest migration, a destination process invokes ps2
post_load function. In that, if 'rptr' and 'count' values were
invalid, it could lead to OOB access or infinite loop issue.
Add check to avoid it.
Reported-by: Cyrille Chatras
Signed-off-by: Prasad J Pandit
--
