Blame 0017-char-serial-check-divider-value-against-baud-base.patch
|
|
a0f6152 |
From: Prasad J Pandit <pjp@fedoraproject.org>
|
|
|
a0f6152 |
Date: Wed, 12 Oct 2016 11:28:08 +0530
|
|
|
a0f6152 |
Subject: [PATCH] char: serial: check divider value against baud base
|
|
|
a0f6152 |
|
|
|
a0f6152 |
16550A UART device uses an oscillator to generate frequencies
|
|
|
a0f6152 |
(baud base), which decide communication speed. This speed could
|
|
|
a0f6152 |
be changed by dividing it by a divider. If the divider is
|
|
|
a0f6152 |
greater than the baud base, speed is set to zero, leading to a
|
|
|
a0f6152 |
divide by zero error. Add check to avoid it.
|
|
|
a0f6152 |
|
|
|
a0f6152 |
Reported-by: Huawei PSIRT <psirt@huawei.com>
|
|
|
a0f6152 |
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
|
|
a0f6152 |
Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com>
|
|
|
a0f6152 |
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
|
a0f6152 |
(cherry picked from commit 3592fe0c919cf27a81d8e9f9b4f269553418bb01)
|
|
|
a0f6152 |
---
|
|
|
a0f6152 |
hw/char/serial.c | 3 ++-
|
|
|
a0f6152 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
a0f6152 |
|
|
|
a0f6152 |
diff --git a/hw/char/serial.c b/hw/char/serial.c
|
|
|
3d039dc |
index 3442f47d36..eec72b7b9e 100644
|
|
|
a0f6152 |
--- a/hw/char/serial.c
|
|
|
a0f6152 |
+++ b/hw/char/serial.c
|
|
|
a0f6152 |
@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)
|
|
|
a0f6152 |
int speed, parity, data_bits, stop_bits, frame_size;
|
|
|
a0f6152 |
QEMUSerialSetParams ssp;
|
|
|
a0f6152 |
|
|
|
a0f6152 |
- if (s->divider == 0)
|
|
|
a0f6152 |
+ if (s->divider == 0 || s->divider > s->baudbase) {
|
|
|
a0f6152 |
return;
|
|
|
a0f6152 |
+ }
|
|
|
a0f6152 |
|
|
|
a0f6152 |
/* Start bit. */
|
|
|
a0f6152 |
frame_size = 1;
|