[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] cirrus: fix oob access issue (CVE-2017-TODO)

From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH] cirrus: fix oob access issue (CVE-2017-TODO)
Date: Wed, 25 Jan 2017 11:44:11 +0100

On Mi, 2017-01-25 at 08:07 +0100, Gerd Hoffmann wrote:
> From: Li Qiang <address@hidden>
> When doing bitblt copy in backward mode, we should minus the
> blt width first just like the adding in the forward mode. This
> can avoid the oob access of the front of vga's vram.
> Signed-off-by: Li Qiang <address@hidden>
> Message-id: address@hidden
> { kraxel: with backward blits (negative pitch) addr is the topmost
>           address, so check it as-is against vram size ]
> Cc: address@hidden
> Cc: P J P <address@hidden>
> Cc: Laszlo Ersek <address@hidden>
> Cc: Paolo Bonzini <address@hidden>
> Cc: Wolfgang Bumiller <address@hidden>
> Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
> Signed-off-by: Gerd Hoffmann <address@hidden>

For testers:  All pending cirrus fixes are now pushed to:

  git://git.kraxel.org/qemu queue/vga

Gerd Hoffmann (1):
      cirrus: fix blit address mask handling

Li Qiang (1):
      cirrus: fix oob access issue (CVE-2017-TODO)

Wolfgang Bumiller (1):
      cirrus: allow zero source pitch in pattern fill rops


reply via email to

[Prev in Thread] Current Thread [Next in Thread]