qemu-devel


From: Peter Maydell
Subject: Re: [PATCH v3] ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
Date: Thu, 7 Apr 2022 18:46:00 +0100

On Thu, 7 Apr 2022 at 10:21, Marc-André Lureau
<marcandre.lureau@gmail.com> wrote:
>
> On Thu, Apr 7, 2022 at 12:23 PM Mauro Matteo Cascella <mcascell@redhat.com> wrote:
>>
>> Prevent potential integer overflow by limiting 'width' and 'height' to
>> 512x512. Also change 'datasize' type to size_t. Refer to security
>> advisory https://starlabs.sg/advisories/22-4206/ for more information.
>>
>> Fixes: CVE-2021-4206
>
>
> (the Starlabs advisory has 2022, I guess it's wrong then)
>
>> Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
>
>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

Does this fix (or any of the other cursor-related stuff I've seen
floating past) need to go into 7.0? (i.e. is it release-critical?)

thanks
-- PMM


