qemu/hw/timer
Petr Matousek d4862a87e3 i8254: fix out-of-bounds memory access in pit_ioport_read()
Due to converting PIO to the new memory read/write api we no longer provide
separate I/O region lengths for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index.

Fix this by ignoring read from the Mode/Command register.

This is CVE-2015-3214.

Reported-by: Matt Tait <matttait@google.com>
Fixes: 0505bcdec8
Cc: qemu-stable@nongnu.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-06-17 16:03:47 +02:00
a9gtimer.c Fix remaining warnings from Sparse (void return) 2015-03-19 11:11:55 +03:00
allwinner-a10-pit.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
arm_mptimer.c vmstate: accept QEMUTimer in VMSTATE_TIMER*, add VMSTATE_TIMER_PTR* 2015-01-26 12:22:44 +01:00
arm_timer.c hw/timer/arm_timer.c: Fix misusing qemu_allocate_irqs for single irq 2015-06-03 14:21:24 +03:00
cadence_ttc.c timer: cadence_ttc: Convert to instance_init 2014-06-29 18:38:40 +01:00
digic-timer.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
ds1338.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
etraxfs_timer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
exynos4210_mct.c hw/timer/exynos4210_mct: Avoid overflow in exynos4210_ltick_recalc_count 2014-05-13 16:09:39 +01:00
exynos4210_pwm.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
exynos4210_rtc.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
grlib_gptimer.c hw/timer/grlib_gptimer: remove unnecessary assignment 2014-03-27 19:22:49 +04:00
hpet.c migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
i8254_common.c savevm: Remove all the unneeded version_minimum_id_old (x86) 2014-06-16 04:55:26 +02:00
i8254.c i8254: fix out-of-bounds memory access in pit_ioport_read() 2015-06-17 16:03:47 +02:00
imx_epit.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
imx_gpt.c hw/timer/imx_*: fix TIMER_MAX clash with system symbol 2014-08-09 00:06:32 +04:00
lm32_timer.c savevm: Remove all the unneeded version_minimum_id_old (rest) 2014-05-14 15:24:51 +02:00
m48t59.c m48t59: add m48t59 sysbus device 2015-03-10 09:18:56 +00:00
Makefile.objs stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
mc146818rtc.c migration: Use normal VMStateDescriptions for Subsections 2015-06-12 06:53:57 +02:00
milkymist-sysctl.c savevm: Remove all the unneeded version_minimum_id_old (rest) 2014-05-14 15:24:51 +02:00
omap_gptimer.c omap: Fix warnings from Sparse 2015-03-19 11:11:55 +03:00
omap_synctimer.c aio / timers: Switch entire codebase to the new timer API 2013-08-22 19:14:24 +02:00
pl031.c sysbus: Set cannot_instantiate_with_device_add_yet 2013-12-23 00:27:22 +01:00
puv3_ost.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
pxa2xx_timer.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
sh_timer.c aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
slavio_timer.c savevm: Remove all the unneeded version_minimum_id_old (rest) 2014-05-14 15:24:51 +02:00
stm32f2xx_timer.c stm32f2xx_timer: Add the stm32f2xx Timer 2015-03-11 13:21:05 +00:00
tusb6010.c hw/timer: Move extern declaration from .c to .h file 2014-08-09 00:06:32 +04:00
twl92230.c savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
xilinx_timer.c timer: xilinx_timer: Convert to realize() 2014-06-09 00:33:02 +02:00