falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
qemu-irix/hw/display
History
Li Qiang f054cead44 cirrus: fix oob access issue (CVE-2017-2615) 
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>

{ kraxel: with backward blits (negative pitch) addr is the topmost
          address, so check it as-is against vram size ]

Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Cc: Laszlo Ersek <lersek@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: d3532a0db0 (CVE-2014-8106)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1485938101-26602-1-git-send-email-kraxel@redhat.com
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
(cherry picked from commit 62d4c6bd52)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
 		2017-03-16 12:10:40 -05:00
..
Makefile.objs introduce xlnx-dp 2016-06-14 16:01:03 +01:00
ads7846.c ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c hw/display/blizzard: Remove blizzard_template.h 2016-05-12 13:22:30 +01:00
cg3.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
cirrus_vga.c cirrus: fix oob access issue (CVE-2017-2615) 2017-03-16 12:10:40 -05:00
cirrus_vga_rop.h cirrus: Fix host CPU blits 2014-07-11 10:17:02 +02:00
cirrus_vga_rop2.h hw: move private headers to hw/ subdirectories. 2013-04-08 18:13:16 +02:00
dpcd.c aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows 2016-07-07 13:47:01 +01:00
exynos4210_fimd.c hw/display: QOM'ify exynos4210_fimd.c 2016-05-12 13:22:27 +01:00
framebuffer.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
jazz_led.c hw/display: QOM'ify jazz_led.c 2016-05-13 09:33:38 +01:00
milkymist-tmu2.c lm32: milkymist-tmu2: fix integer overflow 2016-10-28 18:17:23 +03:00
milkymist-vgafb.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
milkymist-vgafb_template.h milkymist-vgafb: swap pixel data in source buffer 2014-02-04 19:34:30 +01:00
omap_dss.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
pl110.c hw/display: QOM'ify pl110.c 2016-10-24 16:26:56 +01:00
pl110_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
pxa2xx_lcd.c arm: Clean up includes 2016-01-29 15:07:23 +00:00
pxa2xx_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl.c qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on config changes 2016-12-05 09:37:52 +01:00
qxl.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
sm501.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
sm501_template.h hw: use ld_p/st_p instead of ld_raw/st_raw 2014-06-05 16:04:17 +02:00
ssd0303.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
ssd0323.c vmstateify ssd0323 display 2016-09-22 18:13:08 +01:00
tc6393xb.c qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00
tc6393xb_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
tcx.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
trace-events trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
vga-helpers.h vga: Rename vga_template.h to vga-helpers.h 2014-09-30 13:34:09 +02:00
vga-isa-mm.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-isa.c portio: keep references on portio 2016-09-08 18:05:21 +04:00
vga-pci.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga.c coccinelle: Remove unnecessary variables for function return value 2016-06-20 16:38:13 +02:00
vga.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
vga_int.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
virtio-gpu-3d.c virtio-gpu: fix information leak in getting capset info dispatch 2016-12-05 09:37:52 +01:00
virtio-gpu-pci.c virtio-gpu-pci: tag as not hotpluggable 2016-09-13 09:26:58 +02:00
virtio-gpu.c virtio-gpu: fix memory leak in update_cursor_data_virgl 2016-12-05 09:37:52 +01:00
virtio-vga.c virtio: rename the bar index field name in VirtIOPCIProxy 2016-10-08 11:25:29 +03:00
vmware_vga.c vmsvga: correct bitmap and pixmap size checks 2016-09-13 09:24:35 +02:00
xenfb.c xen: Rename xen_be_find_xendev 2016-10-28 17:54:39 -07:00
xlnx_dp.c xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo 2016-07-07 13:47:00 +01:00