diff options
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch')
-rw-r--r-- | app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch new file mode 100644 index 000000000000..0074f5f8c77a --- /dev/null +++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-10806.patch @@ -0,0 +1,50 @@ +From bd4a683505b27adc1ac809f71e918e58573d851d Mon Sep 17 00:00:00 2001 +From: Gerd Hoffmann <kraxel@redhat.com> +Date: Tue, 9 May 2017 13:01:28 +0200 +Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Don't reinvent a broken wheel, just use the hexdump function we have. + +Impact: low, broken code doesn't run unless you have debug logging +enabled. + +Reported-by: 李强 <liqiang6-s@360.cn> +Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> +Message-id: 20170509110128.27261-1-kraxel@redhat.com +--- + hw/usb/redirect.c | 13 +------------ + 1 file changed, 1 insertion(+), 12 deletions(-) + +diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c +index b001a27f05..ad5ef783a6 100644 +--- a/hw/usb/redirect.c ++++ b/hw/usb/redirect.c +@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg) + static void usbredir_log_data(USBRedirDevice *dev, const char *desc, + const uint8_t *data, int len) + { +- int i, j, n; +- + if (dev->debug < usbredirparser_debug_data) { + return; + } +- +- for (i = 0; i < len; i += j) { +- char buf[128]; +- +- n = sprintf(buf, "%s", desc); +- for (j = 0; j < 8 && i + j < len; j++) { +- n += sprintf(buf + n, " %02X", data[i + j]); +- } +- error_report("%s", buf); +- } ++ qemu_hexdump((char *)data, stderr, desc, len); + } + + /* +-- +2.13.0 + |