Original Xbox Emulator for Windows, macOS, and Linux (Active Development)
Stefan Weil a32354e206 hw/mcf5206: Fix buffer overflow for MBAR read / write
Report from smatch:

mcf5206.c:384 m5206_mbar_readb(7) error: buffer overflow 'm5206_mbar_width' 128 <= 128
mcf5206.c:403 m5206_mbar_readw(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128
mcf5206.c:427 m5206_mbar_readl(8) error: buffer overflow 'm5206_mbar_width' 128 <= 128
mcf5206.c:451 m5206_mbar_writeb(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128
mcf5206.c:475 m5206_mbar_writew(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128
mcf5206.c:503 m5206_mbar_writel(9) error: buffer overflow 'm5206_mbar_width' 128 <= 128

m5206_mbar_width has 0x80 elements and supports 0 <= offset < 0x200.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2012-09-10 15:03:05 +02:00
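The commit message above names the two ranges that disagree: a width table with 0x80 entries and an accepted byte offset range of 0 <= offset < 0x200, so indexing the table directly by the byte offset reads past its end for every offset from 0x80 upward. The C program below is an added example, not QEMU's code and not the diff of this commit (the page does not show it). It rebuilds the mismatch with a constructed width table and assumes that the consistent index is offset >> 2 (one entry per 32-bit word, which is exactly what makes 0x200 bytes fit in 0x80 entries); the mbar_* names, the table contents and the -1 return for out-of-range offsets are invented for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MBAR_SPAN    0x200u             /* accepted byte offsets: 0 <= offset < 0x200 (from the commit message) */
#define MBAR_ENTRIES (MBAR_SPAN / 4u)   /* 0x80 width entries, assumed to be one per 32-bit word */

/* Constructed width table: bytes per register for each 32-bit word of the
 * window. The entries below are invented for this example and are not the
 * MCF5206 register map. Zero means "no register at this word". */
static const uint8_t mbar_width[MBAR_ENTRIES] = {
    [0x00 >> 2] = 2, [0x04 >> 2] = 1, [0x08 >> 2] = 4, [0x1fc >> 2] = 4,
};

/* The buggy indexing scheme: the byte offset is used directly as the table
 * index. The index is returned rather than dereferenced so the caller can
 * see it exceed MBAR_ENTRIES for offset >= 0x80 without reading out of bounds. */
size_t mbar_index_buggy(uint32_t offset)
{
    return offset;              /* mbar_width[offset]: only valid while offset < 0x80 */
}

/* The consistent indexing scheme (assumed fix): one entry per 32-bit word. */
size_t mbar_index_fixed(uint32_t offset)
{
    return offset >> 2;         /* mbar_width[offset >> 2]: < MBAR_ENTRIES whenever offset < 0x200 */
}

bool mbar_index_in_bounds(size_t idx)
{
    return idx < MBAR_ENTRIES;
}

/* Width lookup that checks the offset range before touching the table.
 * Returns -1 for an offset outside the window instead of reading past the
 * array; a real device model would more likely raise a guest error here. */
int mbar_width_at(uint32_t offset)
{
    if (offset >= MBAR_SPAN) {
        return -1;
    }
    return mbar_width[mbar_index_fixed(offset)];
}

/* Count how many offsets in the accepted range would index past the table
 * under a given indexing scheme. */
unsigned count_oob(size_t (*index_fn)(uint32_t))
{
    unsigned n = 0;
    for (uint32_t off = 0; off < MBAR_SPAN; off++) {
        if (!mbar_index_in_bounds(index_fn(off))) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("buggy indexing: %u of 0x%x offsets read past the table\n",
           count_oob(mbar_index_buggy), MBAR_SPAN);
    printf("fixed indexing: %u of 0x%x offsets read past the table\n",
           count_oob(mbar_index_fixed), MBAR_SPAN);
    printf("width at 0x1fc: %d, at 0x200: %d\n",
           mbar_width_at(0x1fc), mbar_width_at(0x200));
    return 0;
}
```

The point a reviewer checks on a table-driven register decoder is that the table's element count, the offset range the handler accepts, and the shift or divisor between the two all agree; a static checker such as smatch flags the disagreement because the offset's upper bound (0x200) is provably larger than the array (0x80), which is the same arithmetic count_oob performs by brute force.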
audio audio/winwave: previous audio buffer should be flushed 2012-08-28 19:11:28 +04:00
block Merge remote-tracking branch 'kwolf/for-anthony' into staging 2012-08-31 10:04:18 -05:00
bsd-user Support 'help' as a synonym for '?' in command line options 2012-08-02 13:16:42 -05:00
default-configs arm: Move some ARM devices into libhw 2012-08-13 16:13:02 +01:00
docs docs: Fix spelling (propery -> property) 2012-08-15 15:18:54 +01:00
fpu
fsdev build: move fsdev/ objects to nested Makefile.objs 2012-06-07 09:21:13 +02:00
gdb-xml
hw hw/mcf5206: Fix buffer overflow for MBAR read / write 2012-09-10 15:03:05 +02:00
include/qemu Merge remote-tracking branch 'quintela/migration-next-20120808' into staging 2012-08-13 16:02:11 -05:00
libcacard libcacard: build fixes 2012-06-21 20:04:24 +00:00
linux-headers linux-headers: update to 3.6-rc3 2012-08-29 10:51:28 -05:00
linux-user linux-user: Clarify "Unable to reserve guest address space" error 2012-08-27 10:18:01 +03:00
net qapi: avoid reserved keywords 2012-08-09 18:34:57 +00:00
pc-bios Update OpenBIOS PPC image 2012-08-28 20:38:39 +02:00
qapi qapi: Fix memory leak 2012-08-20 11:05:08 -03:00
qga build: Fix linking failure for qemu-ga 2012-07-29 08:41:53 +00:00
QMP qmp: add SUSPEND_DISK event 2012-08-13 16:10:18 -03:00
qom qom: object_delete should unparent the object first 2012-08-23 20:19:59 -05:00
roms Update OpenBIOS PPC image 2012-08-28 20:38:39 +02:00
scripts CHECKPATCH: Add warning for single else statement. 2012-09-05 19:17:49 +00:00
slirp slirp: fix build on mingw32 2012-08-06 19:31:55 -05:00
sysconfigs/target
target-alpha alpha-linux-user: Work around hosted mmap allocation problems 2012-08-04 09:37:48 -07:00
target-arm target-arm: Fix potential buffer overflow 2012-09-10 15:00:06 +02:00
target-cris target-cris: Fix buffer overflow 2012-09-08 06:30:25 +02:00
target-i386 w32: Fix broken build 2012-08-30 16:36:21 -05:00
target-lm32 build: move other target-*/ objects to nested Makefile.objs 2012-06-07 09:21:11 +02:00
target-m68k build: move other target-*/ objects to nested Makefile.objs 2012-06-07 09:21:11 +02:00
target-microblaze qemu-log: use LOG_UNIMP for some target CPU cases 2012-06-21 18:45:22 +00:00
target-mips MIPS/user: Fix reset CPU state initialization 2012-09-08 01:37:23 +02:00
target-openrisc target-or32: Add linux user support 2012-07-27 21:13:05 +00:00
target-ppc target-ppc: fix altivec instructions 2012-08-28 18:49:22 +02:00
target-s390x target-s390x: switch to AREG0 free mode 2012-09-10 13:38:33 +02:00
target-sh4 build: move other target-*/ objects to nested Makefile.objs 2012-06-07 09:21:11 +02:00
target-sparc target-sparc: fix fcmp{s,d,q} instructions wrt exception 2012-09-08 09:03:45 +00:00
target-unicore32 unicore32-softmmu: Add a minimal curses screen support 2012-08-11 09:37:05 +00:00
target-xtensa target-xtensa: fix missing errno codes for mingw32 2012-09-08 08:46:29 +00:00
tcg tcg/s390: fix ld/st with CONFIG_TCG_PASS_AREG0 2012-09-10 13:38:33 +02:00
tests qemu-iotests: add backing file smaller than image test case 2012-08-29 15:23:35 +02:00
trace trace/simple: Replace asprintf by g_strdup_printf 2012-08-14 13:19:57 +01:00
ui net: inet_connect(), inet_connect_opts(): add in_progress argument 2012-08-13 13:20:34 -03:00
.gitignore .gitignore update 2012-07-07 09:04:42 +00:00
.gitmodules
.mailmap
a.out.h
acl.c
acl.h
aes.c
aes.h
aio.c
alpha-dis.c
alpha.ld
arch_init.c qapi: add 'query-target' command to return target arch 2012-08-22 10:47:17 -05:00
arch_init.h win32: provide separate macros for weak decls and definitions 2012-08-15 13:26:03 -05:00
arm-dis.c
arm.ld
async.c
balloon.c Add event notification for guest balloon changes 2012-06-15 13:34:50 -03:00
balloon.h Add event notification for guest balloon changes 2012-06-15 13:34:50 -03:00
bitmap.c
bitmap.h
bitops.c
bitops.h bitops: drop volatile qualifier 2012-08-04 15:51:23 +00:00
block_int.h block: block_int: include qerror.h 2012-08-13 13:20:50 -03:00
block-migration.c savevm: split save_live into stage2 and stage3 2012-07-20 08:19:27 +02:00
block-migration.h
block.c block: Flush parent to OS with cache=unsafe 2012-08-15 15:14:43 +02:00
block.h block: add BLOCK_O_CHECK for qemu-img check 2012-08-10 10:25:12 +02:00
blockdev.c blockdev: flip default cache mode from writethrough to writeback 2012-08-10 10:25:12 +02:00
blockdev.h blockdev: Don't limit DriveInfo serial to 20 characters 2012-07-17 16:48:32 +02:00
bswap.h
bt-host.c
bt-host.h
bt-vhci.c
buffered_file.c
buffered_file.h
cache-utils.c
cache-utils.h
Changelog fix some common typos 2012-05-14 07:27:24 +02:00
cmd.c
cmd.h
CODING_STYLE
compatfd.c
compatfd.h
compiler.h win32: provide separate macros for weak decls and definitions 2012-08-15 13:26:03 -05:00
config.h
configure target-s390x: switch to AREG0 free mode 2012-09-10 13:38:33 +02:00
console.c console: bounds check whenever changing the cursor due to an escape code 2012-09-04 10:26:17 -05:00
console.h
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c Merge remote-tracking branch 'kwolf/for-anthony' into staging 2012-05-14 12:45:01 -05:00
coroutine-ucontext.c configure: Split valgrind test into pragma test and valgrind.h test 2012-07-31 20:04:42 +00:00
coroutine-win32.c
cpu-all.h x86: switch to AREG0 free mode 2012-08-14 19:01:26 +00:00
cpu-common.h cpu-common.h: Remove a pointless ifndef CONFIG_USER_ONLY 2012-07-02 10:10:07 +01:00
cpu-defs.h cpu: Move thread_kicked to CPUState 2012-08-02 18:12:17 +02:00
cpu-exec.c Revert "i8259: add -no-spurious-interrupt-hack option" 2012-08-27 18:33:12 +04:00
cpus.c kvm: Decouple 'async interrupt delivery' from 'kernel irqchip' 2012-08-09 16:16:53 +03:00
cpus.h
cputlb.c cputlb.c: Fix out of date comment 2012-08-15 15:18:54 +01:00
cputlb.h
cris-dis.c
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c
cutils.c block: Enable qemu_open/close to work with fd sets 2012-08-15 13:16:22 +02:00
def-helper.h
device_tree.c device_tree: Add support for reading device tree properties 2012-07-20 13:34:50 +01:00
device_tree.h device_tree: Add support for reading device tree properties 2012-07-20 13:34:50 +01:00
dis-asm.h
disas.c disas: Fix printing of addresses in disassembly 2012-07-14 10:32:34 +00:00
disas.h
dma-helpers.c dma: Fix stupid typo/thinko 2012-08-16 13:41:16 -05:00
dma.h Avoid returning void 2012-07-28 09:23:11 +00:00
dump-stub.c dump: Fix license version (GPL2+ instead of GPL2) 2012-06-11 22:20:21 +02:00
dump.c dump: Fix license version (GPL2+ instead of GPL2) 2012-06-11 22:20:21 +02:00
dump.h dump: Fix license version (GPL2+ instead of GPL2) 2012-06-11 22:20:21 +02:00
dyngen-exec.h
elf.h target-or32: Add target stubs and QOM cpu 2012-07-27 21:12:55 +00:00
envlist.c
envlist.h
error.c error, qerror: drop QDict member 2012-08-13 14:17:53 -03:00
error.h error, qerror: pass desc string to error calls 2012-08-13 14:17:53 -03:00
event_notifier.c event_notifier: add event_notifier_set_handler 2012-07-12 14:08:10 +03:00
event_notifier.h event_notifier: add event_notifier_set_handler 2012-07-12 14:08:10 +03:00
exec-all.h cleanup cpu_set_debug_excp_handler 2012-06-25 15:37:15 +02:00
exec-memory.h
exec-obsolete.h Maintain the number of dirty pages 2012-06-29 13:31:07 +02:00
exec.c memory: add -machine dump-guest-core=on|off 2012-08-16 13:41:15 -05:00
gdbstub.c target-or32: Add gdb stub support 2012-07-27 21:13:04 +00:00
gdbstub.h make gdb_id() generally available and rename it to cpu_index() 2012-06-04 13:49:34 -03:00
gen-icount.h
HACKING
hmp-commands.hx Add migrate_set_cache_size command 2012-08-08 13:51:12 +02:00
hmp.c migration: move total_time from ram stats to migration info 2012-08-21 15:06:24 -03:00
hmp.h Merge remote-tracking branch 'qmp/queue/qmp' into staging 2012-08-13 16:12:35 -05:00
host-utils.c
host-utils.h
hppa-dis.c
hppa.ld
i386-dis.c
i386.ld
ia64-dis.c
ia64.ld
input.c
int128.h
iohandler.c eventfd: making it thread safe 2012-08-21 15:16:29 -05:00
ioport.c
ioport.h
iorange.h
iov.c iov_send_recv(): Handle zero bytes case even if OS does not 2012-08-15 15:21:33 +01:00
iov.h rewrite iov_send_recv() and move it to iov.c 2012-06-11 23:12:11 +04:00
json-lexer.c
json-lexer.h
json-parser.c json-parser: don't replicate tokens at each level of recursion 2012-08-16 13:41:15 -05:00
json-parser.h
json-streamer.c
json-streamer.h
kvm-all.c kvm: Decouple 'GSI routing' from 'kernel irqchip' 2012-08-09 16:16:57 +03:00
kvm-stub.c kvm: Decouple 'GSI routing' from 'kernel irqchip' 2012-08-09 16:16:57 +03:00
kvm.h kvm: Add documentation comment for kvm_irqchip_in_kernel() 2012-08-09 16:16:58 +03:00
libfdt_env.h
LICENSE
linux-aio.c consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset() 2012-06-11 23:07:44 +04:00
lm32-dis.c
m68k-dis.c
m68k.ld
main-loop.c
main-loop.h
MAINTAINERS Add MAINTAINERS entry for leon3 2012-09-08 09:09:06 +00:00
Makefile Merge remote-tracking branch 'stefanha/trivial-patches' into staging 2012-08-15 13:25:54 -05:00
Makefile.dis build: get dependency file directories from object file names 2012-07-28 09:16:09 +00:00
Makefile.hw build: get dependency file directories from object file names 2012-07-28 09:16:09 +00:00
Makefile.objs Adding support for libseccomp in configure and Makefile (v8) 2012-08-16 13:41:16 -05:00
Makefile.target build: get dependency file directories from object file names 2012-07-28 09:16:09 +00:00
Makefile.user build: get dependency file directories from object file names 2012-07-28 09:16:09 +00:00
memory_mapping-stub.c Fix some more license versions (GPL2+ instead of GPL2) 2012-06-15 10:41:05 -03:00
memory_mapping.c Fix some more license versions (GPL2+ instead of GPL2) 2012-06-15 10:41:05 -03:00
memory_mapping.h Fix some more license versions (GPL2+ instead of GPL2) 2012-06-15 10:41:05 -03:00
memory.c memory: Fix copy&paste mistake in memory_region_iorange_write 2012-08-29 08:25:37 -05:00
memory.h memory: pass EventNotifier, not eventfd 2012-07-12 14:08:10 +03:00
microblaze-dis.c
migration-exec.c
migration-fd.c
migration-tcp.c migration: don't rely on any QERR_SOCKET_* 2012-08-13 13:20:39 -03:00
migration-unix.c
migration.c migration: move total_time from ram stats to migration info 2012-08-21 15:06:24 -03:00
migration.h Add XBZRLE statistics 2012-08-08 13:51:12 +02:00
mips-dis.c
mips.ld
module.c
module.h
monitor.c monitor: don't try to initialize json parser when monitor is HMP 2012-08-23 20:19:59 -05:00
monitor.h block: Enable qemu_open/close to work with fd sets 2012-08-15 13:16:22 +02:00
nbd.c net: inet_connect(), inet_connect_opts(): add in_progress argument 2012-08-13 13:20:34 -03:00
nbd.h
net.c Merge remote-tracking branch 'stefanha/net' into staging 2012-08-03 13:54:05 -05:00
net.h net: cleanup deliver/deliver_iov func pointers 2012-08-01 13:32:11 +01:00
notify.c
notify.h
os-posix.c fips: fix build on !Linux 2012-08-03 18:28:37 -05:00
os-win32.c Prevent disk data loss when closing qemu 2012-06-15 14:03:42 +02:00
osdep.c osdep: Fix compilation failure on BSD systems 2012-08-16 13:41:16 -05:00
osdep.h memory: add -machine dump-guest-core=on|off 2012-08-16 13:41:15 -05:00
oslib-posix.c s390: autodetect map private 2012-07-10 18:27:33 +02:00
oslib-win32.c
page_cache.c Add cache handling functions 2012-08-08 13:51:12 +02:00
path.c
pci-ids.txt
pflib.c
pflib.h
poison.h target-or32: Add target stubs and QOM cpu 2012-07-27 21:12:55 +00:00
posix-aio-compat.c consolidate qemu_iovec_memset{,_skip}() into single function and use existing iov_memset() 2012-06-11 23:07:44 +04:00
ppc64.ld
ppc-dis.c
ppc.ld
qapi-schema-guest.json qemu-ga: add guest-fstrim command 2012-06-21 17:59:27 -05:00
qapi-schema-test.json
qapi-schema.json Merge remote-tracking branch 'qmp/queue/qmp' into staging 2012-08-22 13:33:15 -05:00
qbool.c
qbool.h
qdict-test-data.txt
qdict.c
qdict.h
qemu_socket.h net: inet_connect(), inet_connect_opts(): add in_progress argument 2012-08-13 13:20:34 -03:00
qemu-aio.h
qemu-barrier.h
qemu-bridge-helper.c net: Add interface to bridge when SIOCBRADDIF isn't available 2012-08-01 12:28:51 +01:00
qemu-char.c qemu-char: (Re-)connect for tcp_chr_write() unconnected writing 2012-08-16 13:41:38 -05:00
qemu-char.h
qemu-common.h block: Enable qemu_open/close to work with fd sets 2012-08-15 13:16:22 +02:00
qemu-config.c Command line support for seccomp with -sandbox (v8) 2012-08-16 13:41:16 -05:00
qemu-config.h Command line support for seccomp with -sandbox (v8) 2012-08-16 13:41:16 -05:00
qemu-coroutine-int.h
qemu-coroutine-io.c rewrite iov_send_recv() and move it to iov.c 2012-06-11 23:12:11 +04:00
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-coroutine.h
qemu-doc.texi iscsi: Pick default initiator-name based on the name of the VM 2012-08-09 15:04:09 +02:00
qemu-error.c
qemu-error.h
qemu-file.h
qemu-ga.c qemu-ga: Fix null pointer passed to unlink in failure branch 2012-08-29 08:25:55 -05:00
qemu-img-cmds.hx qemu-img check -r for repairing images 2012-06-15 14:03:42 +02:00
qemu-img.c block: add BLOCK_O_CHECK for qemu-img check 2012-08-10 10:25:12 +02:00
qemu-img.texi Documentation: Warn against qemu-img on active image 2012-08-17 21:29:15 +02:00
qemu-io.c qemu-io: add "abort" command to simulate program crash 2012-08-06 22:39:14 +02:00
qemu-lock.h
qemu-log.c qemu-log: fix x86 and user logging 2012-07-14 11:53:03 +00:00
qemu-log.h qemu-log: fix x86 and user logging 2012-07-14 11:53:03 +00:00
qemu-nbd.c qemu-nbd: add --cache and --aio options 2012-07-24 09:31:53 +02:00
qemu-nbd.texi
qemu-objects.h
qemu-option-internal.h expose QemuOpt and QemuOpts struct definitions to interested parties 2012-07-23 11:55:17 +01:00
qemu-option.c Support 'help' as a synonym for '?' in command line options 2012-08-02 13:16:42 -05:00
qemu-option.h Support 'help' as a synonym for '?' in command line options 2012-08-02 13:16:42 -05:00
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx Revert "qemu-options.hx: mention retrace= VGA option" 2012-08-27 18:33:21 +04:00
qemu-os-posix.h
qemu-os-win32.h
qemu-progress.c
qemu-queue.h
qemu-seccomp.c Adding qemu-seccomp.[ch] (v8) 2012-08-16 13:41:16 -05:00
qemu-seccomp.h Adding qemu-seccomp.[ch] (v8) 2012-08-16 13:41:16 -05:00
qemu-sockets.c migration: don't rely on any QERR_SOCKET_* 2012-08-13 13:20:39 -03:00
qemu-tech.texi doc: Fix indefinite article an -> a before nouns that begin with 'h' 2012-07-17 15:40:14 -05:00
qemu-thread-posix.c qemu-thread: Let qemu_thread_is_self() return bool 2012-08-02 18:11:11 +02:00
qemu-thread-posix.h
qemu-thread-win32.c qemu-thread: Let qemu_thread_is_self() return bool 2012-08-02 18:11:11 +02:00
qemu-thread-win32.h
qemu-thread.h qemu-thread: Let qemu_thread_is_self() return bool 2012-08-02 18:11:11 +02:00
qemu-timer-common.c
qemu-timer.c qemu-timer: properly arm alarm timer for timers set by device initialization 2012-09-04 12:30:28 +02:00
qemu-timer.h
qemu-tls.h
qemu-tool.c block: Enable qemu_open/close to work with fd sets 2012-08-15 13:16:22 +02:00
qemu-user.c block: Enable qemu_open/close to work with fd sets 2012-08-15 13:16:22 +02:00
qemu-x509.h
qemu-xattr.h
qemu.sasl
qerror.c error, qerror: drop QDict member 2012-08-13 14:17:53 -03:00
qerror.h error, qerror: drop QDict member 2012-08-13 14:17:53 -03:00
qfloat.c
qfloat.h
qint.c
qint.h
qjson.c
qjson.h
qlist.c qlist: add qlist_size() 2012-08-16 13:41:15 -05:00
qlist.h qlist: add qlist_size() 2012-08-16 13:41:15 -05:00
qmp-commands.hx Merge remote-tracking branch 'qmp/queue/qmp' into staging 2012-08-22 13:33:15 -05:00
qmp.c win32: provide separate macros for weak decls and definitions 2012-08-15 13:26:03 -05:00
qobject.h
qstring.c
qstring.h
qtest.c
qtest.h
range.h
readline.c monitor: Fix memory leak with readline completion 2012-06-15 10:41:05 -03:00
readline.h
README
rules.mak Support using a different compiler for Objective-C files 2012-08-16 13:41:15 -05:00
s390-dis.c
s390.ld
savevm.c Merge remote-tracking branch 'agraf/ppc-for-upstream' into staging 2012-08-15 14:59:21 -05:00
sh4-dis.c
softmmu_defs.h
softmmu_exec.h
softmmu_header.h
softmmu_template.h
softmmu-semi.h softmmu-semi: fix lock_user* functions not to deref NULL upon OOM 2012-08-22 10:47:14 -05:00
sparc64.ld
sparc-dis.c
sparc.ld
spice-qemu-char.c
sysemu.h Revert "i8259: add -no-spurious-interrupt-hack option" 2012-08-27 18:33:12 +04:00
targphys.h targphys.h: Define TARGET_PRI*PHYS format specifier macros 2012-07-14 10:35:48 +00:00
tcg-runtime.c
tci-dis.c
tci.c tci: Support INDEX_op_bswap64_i64 2012-06-22 10:34:21 +01:00
thunk.c
thunk.h
TODO
trace-events pseries: Add PCI MSI/MSI-X support 2012-08-15 19:43:16 +02:00
translate-all.c
uboot_image.h
user-exec.c user: fix accidental AREG0 use 2012-08-09 18:34:57 +00:00
VERSION Open up 1.3 development tree 2012-09-05 11:44:53 -05:00
version.rc
vgafont.h
vl.c Revert "vl: fix -hdachs/-hda argument order parsing issues" 2012-08-27 18:33:22 +04:00
vmstate.h savevm: split save_live into stage2 and stage3 2012-07-20 08:19:27 +02:00
x86_64.ld
xen-all.c xen-all.c: fix multiply issue for int and uint types 2012-08-22 10:17:43 +00:00
xen-mapcache.c Fix invalidate if memory requested was not bucket aligned 2012-08-22 10:17:04 +00:00
xen-mapcache.h
xen-stub.c

Read the documentation in qemu-doc.html or on http://wiki.qemu.org

- QEMU team