[Qemu-devel] [PATCH] hw/qxl: vaildate surface->data

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] hw/qxl: vaildate surface->data

From:	Alon Levy
Subject:	[Qemu-devel] [PATCH] hw/qxl: vaildate surface->data
Date:	Thu, 25 Oct 2012 14:27:28 +0200

Signed-off-by: Alon Levy <address@hidden>
---
 hw/qxl.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hw/qxl.c b/hw/qxl.c
index 1b47ed3..620b476 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -453,6 +453,16 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct 
QXLCommandExt *ext)
                               cmd->u.surface_create.stride);
             return 1;
         }
+        if (cmd->type == QXL_SURFACE_CMD_CREATE) {
+            intptr_t surface_offset = (intptr_t)qxl_phys2virt(qxl,
+                                                     
cmd->u.surface_create.data,
+                                                     MEMSLOT_GROUP_GUEST);
+            if (!surface_offset) {
+                qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE invalid data: %ld\n",
+                                  cmd->u.surface_create.data);
+                return 1;
+            }
+        }
         qemu_mutex_lock(&qxl->track_lock);
         if (cmd->type == QXL_SURFACE_CMD_CREATE) {
             qxl->guest_surfaces.cmds[id] = ext->cmd.data;
-- 
1.7.12.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] hw/qxl: vaildate surface->data, Alon Levy <=

Prev by Date: Re: [Qemu-devel] [PATCH v1 8/8] usb/ehci: Put RAM in undefined MMIO regions
Next by Date: Re: [Qemu-devel] [PATCH v1 4/8] usb/ehci: Add usb-ehci-sysbus
Previous by thread: [Qemu-devel] [PATCH v2 0/2] xtensa boards: don't prematurely explode QEMUMachineInitArgs
Next by thread: [Qemu-devel] [PULL 00/36] usb patch queue
Index(es):
- Date
- Thread