Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line*

From:	David Buchanan
Subject:	Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions
Date:	Mon, 9 Oct 2017 12:55:29 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0

I might be mistaken, but I don't think this patch actually fixes
CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
against my initial reproducer, and QEMU still segfaults.

I think this is because the actual OOB read occurs inside pixman, which
of course is not affected by this patch. Perhaps bounds checks need to
be applied to the arguments passed into pixman?

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, David Buchanan <=
- Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, Gerd Hoffmann, 2017/10/09
  - Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, David Buchanan, 2017/10/09

Prev by Date: Re: [Qemu-devel] [PATCH v9 05/12] migration: Create ram_multifd_page
Next by Date: Re: [Qemu-devel] [PATCH v16 1/5] lib/xbitmap: Introduce xbitmap
Previous by thread: [Qemu-devel] [PATCH v9 0/8] Optimize VMDK I/O by allocating multiple clusters
Next by thread: Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions
Index(es):
- Date
- Thread