Re: [Qemu-devel] [PATCH] vga: check the validation of memory addr when d

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] vga: check the validation of memory addr when d

From:	P J P
Subject:	Re: [Qemu-devel] [PATCH] vga: check the validation of memory addr when draw text
Date:	Thu, 11 Jan 2018 16:11:28 +0530 (IST)

+-- On Mon, 25 Dec 2017, linzhecheng wrote --+
| --- a/hw/display/vga.c
| +++ b/hw/display/vga.c
| @@ -1279,6 +1279,10 @@ static void vga_draw_text(VGACommonState *s, int 
full_update)
|          cx_min = width;
|          cx_max = -1;
|          for(cx = 0; cx < width; cx++) {
| +            if (src + sizeof(uint16_t) > s->vram_ptr + s->vram_size) {
| +                printf("src is out of the range of vga ram.\n");
| +                return;
| +             }
|              ch_attr = *(uint16_t *)src;

This does fix the OOB access and segfault issue. Maybe it could 'break;' 
instead of 'return;' with no printf(...)?

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH] vga: check the validation of memory addr when draw text, P J P <=

Prev by Date: Re: [Qemu-devel] [RFC PATCH v3 00/30] replay additions
Next by Date: Re: [Qemu-devel] [RFC PATCH 0/3] vfio: ccw: basic channel path event handling
Previous by thread: [Qemu-devel] [PATCH] virtio: improve virtio devices initialization time
Next by thread: [Qemu-devel] [PATCH] cpus: unify qemu_*_wait_io_event
Index(es):
- Date
- Thread