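--- a/tools/ioemu-remote/block.c
+++ b/tools/ioemu-remote/block.c
@@ -630,6 +630,9 @@ int bdrv_write(BlockDriverState *bs, int
 return 0;
 }
 } else {
+ unsigned int ns = sector_num * 512;
+ if (ns < 0)
+ return -1;
 return drv->bdrv_write(bs, sector_num, buf, nb_sectors);
 }
 }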
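Review bot: The added guard in the `else` branch can never fire: `ns` is declared `unsigned int`, so `if (ns < 0)` is always false and a negative or out-of-range `sector_num` still reaches `drv->bdrv_write()`. Storing `sector_num * 512` in a 32-bit `ns` also truncates the product, so large sector numbers wrap instead of being rejected. Test the inputs directly before the driver call, for example `if (sector_num < 0 || nb_sectors < 0) return -1;`, and bound the request against the device size if the block state records one. The body of bdrv_write starts above this hunk, so an earlier check may exist that is not visible here.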
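--- a/tools/ioemu-remote/hw/ne2000.c
+++ b/tools/ioemu-remote/hw/ne2000.c
@@ -218,7 +218,7 @@ static int ne2000_can_receive(void *opaq
 NE2000State *s = opaque;
 
 if (s->cmd & E8390_STOP)
- return 1;
+ return 0;
 return !ne2000_buffer_full(s);
 }
 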
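Review bot: The `return 0;` under `if (s->cmd & E8390_STOP)` carries no comment saying why a stopped card must now refuse frames, and since the opposite value stood there before, a later merge could silently revert it. A line such as `/* stopped NIC: ring registers may be unset, do not accept frames */` above the test would record the intent (wording to be confirmed by the author). The receive handler is not part of this hunk; it should keep its own stop and bounds checks rather than rely on this gate alone.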
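--- a/tools/ioemu-remote/hw/pc.c
+++ b/tools/ioemu-remote/hw/pc.c
@@ -387,7 +387,8 @@ static void bochs_bios_write(void *opaqu
 case 0x400:
 case 0x401:
 fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val);
- exit(1);
+ /* according to documentation, these can be safely ignored */
+ break;
 case 0x402:
 case 0x403:
 #ifdef DEBUG_BIOS
@@ -410,8 +411,9 @@ static void bochs_bios_write(void *opaqu
 /* LGPL'ed VGA BIOS messages */
 case 0x501:
 case 0x502:
+ /* according to documentation, these can be safely ignored */
 fprintf(stderr, "VGA BIOS panic, line %d\n", val);
- exit(1);
+ break;
 case 0x500:
 case 0x503:
 #ifdef DEBUG_BIOS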
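Review bot: With `exit(1)` replaced by `break` in the `0x400`/`0x401` and `0x501`/`0x502` cases, every guest write to these ports now prints a line to stderr and execution continues, so a guest can grow the device-model log without limit. Print the message once or rate-limit it, e.g. `static int warned; if (!warned) { warned = 1; fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val); }`. The new comment also sits after the `fprintf` in the first hunk and before it in the second; place it the same way in both and name the documentation it refers to.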
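--- a/tools/ioemu-remote/target-i386/translate.c
+++ b/tools/ioemu-remote/target-i386/translate.c
@@ -5661,6 +5661,7 @@ static target_ulong disas_insn(DisasCont
 gen_jmp_im(pc_start - s->cs_base);
 gen_op_into(s->pc - pc_start);
 break;
+#ifdef WANT_ICEBP
 case 0xf1: /* icebp (undocumented, exits to external debugger) */
 if (gen_svm_check_intercept(s, pc_start, SVM_EXIT_ICEBP))
 break;
@@ -5672,6 +5673,7 @@ static target_ulong disas_insn(DisasCont
 cpu_set_log(CPU_LOG_INT | CPU_LOG_TB_IN_ASM);
 #endif
 break;
+#endif /* icebp */
 case 0xfa: /* cli */
 if (!s->vm86) {
 if (s->cpl <= s->iopl) {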
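Review bot: `WANT_ICEBP` is introduced without any definition or description visible in these hunks, and the closing `#endif /* icebp */` does not name the macro it closes. Write `#endif /* WANT_ICEBP */` and add a comment at the `#ifdef` stating that opcode 0xf1 is compiled out unless the macro is defined and which path then handles it. That path lies outside the hunk, presumably the illegal-opcode handling, and should be confirmed. The middle of the `case 0xf1` body falls between the two hunks and is not shown.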
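--- a/tools/ioemu-remote/vl.c
+++ b/tools/ioemu-remote/vl.c
@@ -4380,8 +4380,8 @@ typedef struct NetSocketState {
 VLANClientState *vc;
 int fd;
 int state; /* 0 = getting length, 1 = getting data */
- int index;
- int packet_len;
+ unsigned int index;
+ unsigned int packet_len;
 uint8_t buf[4096];
 struct sockaddr_in dgram_dst; /* contains inet host and port destination iff connectionless (SOCK_DGRAM) */
 } NetSocketState;
@@ -4412,7 +4412,8 @@ static void net_socket_receive_dgram(voi
 static void net_socket_send(void *opaque)
 {
 NetSocketState *s = opaque;
- int l, size, err;
+ int size, err;
+ unsigned l;
 uint8_t buf1[4096];
 const uint8_t *buf;
 
@@ -4451,7 +4452,15 @@ static void net_socket_send(void *opaque
 l = s->packet_len - s->index;
 if (l > size)
 l = size;
- memcpy(s->buf + s->index, buf, l);
+ if (s->index + l <= sizeof(s->buf)) {
+ memcpy(s->buf + s->index, buf, l);
+ } else {
+ fprintf(stderr, "serious error: oversized packet received,"
+ "connection terminated.\n");
+ s->state = 0;
+ goto eoc;
+ }
+
 s->index += l;
 buf += l;
 size -= l;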
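Review bot: The bounds check in the third hunk (`s->index + l <= sizeof(s->buf)`) catches an oversized `packet_len` only at copy time, and its error branch sets `s->state = 0` without resetting `s->index`, so unless the `eoc` label (outside the hunk) clears it, the next packet would resume at a stale offset. Add `s->index = 0;` before `goto eoc;`, and reject the length where it is decoded, e.g. `if (s->packet_len > sizeof(s->buf))`, so that no bytes of an over-long frame are buffered. `l > size` now compares `unsigned` with `int`, which is safe only if `size` was already checked to be positive earlier in the function; this hunk does not show that. The two string literals in the `fprintf` join without a space, so the message prints as `received,connection terminated.`.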