fdc: force the fifo access to be in bounds of the allocated buffer
During processing of certain commands such as FD_CMD_READ_ID and FD_CMD_DRIVE_SPECIFICATION_COMMAND the fifo memory access could get out of bounds leading to memory corruption with values coming from the guest. Fix this by making sure that the index is always bounded by the allocated memory. This is CVE-2015-3456. Signed-off-by: NPetr Matousek <pmatouse@redhat.com> Reviewed-by: NJohn Snow <jsnow@redhat.com> Signed-off-by: NJohn Snow <jsnow@redhat.com>
Showing