gnu: qemu: Patch CVE-2016-857{6,7,8}.

* gnu/packages/qemu.scm (qemu)[source]: Add patches.
* gnu/packages/patches/qemu-CVE-2016-8576.patch,
gnu/packages/patches/qemu-CVE-2016-8577.patch,
gnu/packages/patches/qemu-CVE-2016-8578.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.

1 files changed, 27 insertions, 0 deletions

diff --git a/gnu/packages/patches/qemu-CVE-2016-8578.patch b/gnu/packages/patches/qemu-CVE-2016-8578.patch
new file mode 100644
index 0000000000..92ba365727
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-8578.patch
@@ -0,0 +1,27 @@
+From: Li Qiang <[email protected]>
+
+In 9pfs function v9fs_iov_vunmarshal, it will not allocate space
+for empty string. This will cause several NULL pointer dereference
+issues. this patch fix this issue.
+
+Signed-off-by: Li Qiang <[email protected]>
+---
+ fsdev/9p-iov-marshal.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
+index 663cad5..1d16f8d 100644
+--- a/fsdev/9p-iov-marshal.c
++++ b/fsdev/9p-iov-marshal.c
+@@ -125,7 +125,7 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, int out_num, size_t offset,
+                 str->data = g_malloc(str->size + 1);
+                 copied = v9fs_unpack(str->data, out_sg, out_num, offset,
+                                      str->size);
+-                if (copied > 0) {
++                if (copied >= 0) {
+                     str->data[str->size] = 0;
+                 } else {
+                     v9fs_string_free(str);
+-- 
+1.8.3.1
+