virtio: fix indirect descriptor buffer overflow
authorMichael S. Tsirkin <mst@redhat.com>
Mon, 20 Jun 2011 10:42:27 +0000 (13:42 +0300)
committerMichael S. Tsirkin <mst@redhat.com>
Sun, 17 Jul 2011 15:47:34 +0000 (18:47 +0300)
commit8132c95719db2f58aab01d9897686235b2dc3958
tree6f8207e0e7a006386d6cec4d7aa1634f4282254d
parent960980fa9b961d18c81e227bbaaab4fa99d5d98b
virtio: fix indirect descriptor buffer overflow

We were previously allowing arbitrarily-long indirect descriptors, which
could lead to a buffer overflow in qemu-kvm process.

CVE-2011-2212

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/virtio.c