summaryrefslogtreecommitdiff
path: root/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch')
-rw-r--r--app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
new file mode 100644
index 000000000000..31fb69bf8976
--- /dev/null
+++ b/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch
@@ -0,0 +1,22 @@
+CVE-2017-8112
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html
+---
+ hw/scsi/vmw_pvscsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
+index 7557546..4a106da 100644
+--- a/hw/scsi/vmw_pvscsi.c
++++ b/hw/scsi/vmw_pvscsi.c
+@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
+ uint32_t len_log2;
+ uint32_t ring_size;
+
+- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
++ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
+ return -1;
+ }
+ ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
+--
+2.9.3
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 07:11:03 +0000