[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-8.2.2 24/60] hw/smbios: Fix OEM strings table option validation
|
From: |
Michael Tokarev |
|
Subject: |
[Stable-8.2.2 24/60] hw/smbios: Fix OEM strings table option validation |
|
Date: |
Wed, 21 Feb 2024 11:20:12 +0300 |
From: Akihiko Odaki <akihiko.odaki@daynix.com>
qemu_smbios_type11_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.
Cc: qemu-stable@nongnu.org
Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit cd8a35b913c24248267c682cb9a348461c106139)
diff --git a/hw/smbios/smbios.c b/hw/smbios/smbios.c
index 2a90601ac5..522ed1ed9f 100644
--- a/hw/smbios/smbios.c
+++ b/hw/smbios/smbios.c
@@ -369,6 +369,11 @@ static const QemuOptDesc qemu_smbios_type8_opts[] = {
};
static const QemuOptDesc qemu_smbios_type11_opts[] = {
+ {
+ .name = "type",
+ .type = QEMU_OPT_NUMBER,
+ .help = "SMBIOS element type",
+ },
{
.name = "value",
.type = QEMU_OPT_STRING,
@@ -379,6 +384,7 @@ static const QemuOptDesc qemu_smbios_type11_opts[] = {
.type = QEMU_OPT_STRING,
.help = "OEM string data from file",
},
+ { /* end of list */ }
};
static const QemuOptDesc qemu_smbios_type17_opts[] = {
--
2.39.2
- [Stable-8.2.2 29/60] vhost-user.rst: Fix vring address description, (continued)
- [Stable-8.2.2 29/60] vhost-user.rst: Fix vring address description, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 47/60] iotests: Make 144 deterministic again, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 51/60] i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 48/60] .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 58/60] audio: Depend on dbus_display1_dep, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 56/60] ui/clipboard: add asserts for update and request, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 59/60] meson: Explicitly specify dbus-display1.h dependency, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 36/60] smmu: Clear SMMUPciBus pointer cache when system reset, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 45/60] target/arm: Fix SVE/SME gross MTE suppression checks, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 52/60] i386/cpuid: Move leaf 7 to correct group, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 24/60] hw/smbios: Fix OEM strings table option validation,
Michael Tokarev <=
- [Stable-8.2.2 33/60] hw/cxl: Pass CXLComponentState to cache_mem_ops, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 50/60] i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 60/60] tests/qtest: Depend on dbus_display1_dep, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 54/60] ui: reject extended clipboard message if not activated, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 42/60] target/arm: Adjust and validate mtedesc sizem1, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 31/60] cxl/cdat: Fix header sum value in CDAT checksum, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 53/60] target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 37/60] tests/acpi: Allow update of DSDT.cxl, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 46/60] target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU, Michael Tokarev, 2024/02/21
- [Stable-8.2.2 32/60] hw/cxl/device: read from register values in mdev_reg_read(), Michael Tokarev, 2024/02/21