Tree - rpms/qemu - src.fedoraproject.org

Forked from rpms/qemu a year ago

Blob History Raw

		a0f6152	`From: Prasad J Pandit <pjp@fedoraproject.org>`
		a0f6152	`Date: Wed, 12 Oct 2016 11:28:08 +0530`
		a0f6152	`Subject: [PATCH] char: serial: check divider value against baud base`
		a0f6152
		a0f6152	`16550A UART device uses an oscillator to generate frequencies`
		a0f6152	`(baud base), which decide communication speed. This speed could`
		a0f6152	`be changed by dividing it by a divider. If the divider is`
		a0f6152	`greater than the baud base, speed is set to zero, leading to a`
		a0f6152	`divide by zero error. Add check to avoid it.`
		a0f6152
		a0f6152	`Reported-by: Huawei PSIRT <psirt@huawei.com>`
		a0f6152	`Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>`
		a0f6152	`Message-Id: <1476251888-20238-1-git-send-email-ppandit@redhat.com>`
		a0f6152	`Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>`
		a0f6152	`(cherry picked from commit 3592fe0c919cf27a81d8e9f9b4f269553418bb01)`
		a0f6152	`---`
		a0f6152	`hw/char/serial.c \| 3 ++-`
		a0f6152	`1 file changed, 2 insertions(+), 1 deletion(-)`
		a0f6152
		a0f6152	`diff --git a/hw/char/serial.c b/hw/char/serial.c`
		3d039dc	`index 3442f47d36..eec72b7b9e 100644`
		a0f6152	`--- a/hw/char/serial.c`
		a0f6152	`+++ b/hw/char/serial.c`
		a0f6152	`@@ -153,8 +153,9 @@ static void serial_update_parameters(SerialState *s)`
		a0f6152	`int speed, parity, data_bits, stop_bits, frame_size;`
		a0f6152	`QEMUSerialSetParams ssp;`
		a0f6152
		a0f6152	`- if (s->divider == 0)`
		a0f6152	`+ if (s->divider == 0 \|\| s->divider > s->baudbase) {`
		a0f6152	`return;`
		a0f6152	`+ }`
		a0f6152
		a0f6152	`/* Start bit. */`
		a0f6152	`frame_size = 1;`