]> Git Repo - qemu.git/commit
projects / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e652941) | patch
vga: stop passing pointers to vga_draw_line* functions
authorGerd Hoffmann <[email protected]>
Mon, 28 Aug 2017 12:29:06 +0000 (14:29 +0200)
committerGerd Hoffmann <[email protected]>
Fri, 1 Sep 2017 11:52:43 +0000 (13:52 +0200)
commit3d90c6254863693a6b13d918d2b8682e08bbc681
tree41f305d2ad30ffad4ea463ca2c89f83e53eb2067tree | snapshot
parente65294157d4b69393b3f819c99f4f647452b48e3commit | diff
vga: stop passing pointers to vga_draw_line* functions

Instead pass around the address (aka offset into vga memory).
Add vga_read_* helper functions which apply vbe_size_mask to
the address, to make sure the address stays within the valid
range, similar to the cirrus blitter fixes (commits ffaf857778
and 026aeffcb4).

Impact:  DoS for privileged guest users.  qemu crashes with
a segfault, when hitting the guard page after vga memory
allocation, while reading vga memory for display updates.

Fixes: CVE-2017-13672
Cc: P J P <[email protected]>
Reported-by: David Buchanan <[email protected]>
Signed-off-by: Gerd Hoffmann <[email protected]>
Message-id: 20170828122906[email protected]
hw/display/vga-helpers.h diff | blob | blame | history
hw/display/vga.c diff | blob | blame | history
hw/display/vga_int.h diff | blob | blame | history
Empty description
This page took 0.025978 seconds and 4 git commands to generate.