File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-e... of Package xen.8005

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch of Package xen.8005

References: bsc#1005004 CVE-2016-8667

The JAZZ RC4030 chipset emulator has a periodic timer and
associated interval reload register. The reload value is used
as divider when computing timer's next tick value. If reload
value is large, it could lead to divide by zero error. Limit
the interval reload value to avoid it.

Reported-by: Huawei PSIRT <address@hidden>
Signed-off-by: Prasad J Pandit <address@hidden>
---
 hw/dma/rc4030.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
===================================================================
--- xen-4.4.4-testing.orig/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
+++ xen-4.4.4-testing/tools/qemu-xen-dir-remote/hw/dma/rc4030.c
@@ -377,7 +377,7 @@ static void rc4030_writel(void *opaque,
         break;
     /* Interval timer reload */
     case 0x0228:
-        s->itr = val;
+        s->itr = val & 0x01FF;
         qemu_irq_lower(s->timer_irq);
         set_next_tick(s);
         break;

Places

File CVE-2016-8667-qemuu-dma-rc4030-divide-by-zero-error-in-set_next_tick.patch of Package xen.8005

Places