Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689

From:	Gerd Hoffmann
Subject:	Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689
Date:	Thu, 16 Oct 2014 12:54:21 +0200

On Mi, 2014-10-15 at 17:43 +0200, Michael Tokarev wrote:
> On 15.10.2014 12:10, Gerd Hoffmann wrote:
> >    Hi,
> >
> > vmware-vga emulation lacks sanity checks in the hardware acceleration
> > (blit + fill) functions.  This patch series plugs the holes.
> >
> > v2 changes:
> >   * small whitespace fixup.
> >   * do fullscreen update on invalid update requests.
> >
> > cheers,
> >    Gerd
> >
> > Gerd Hoffmann (5):
> >    vmware-vga: CVE-2014-3689: turn off hw accel
> >    vmware-vga: add vmsvga_verify_rect
> >    vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
> >    vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
> >    vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
> 
> A small question.  Why do you first disable the hw accel for rect&fill
> and re-enable them in subsequent patches, as if applying the real
> fix patches takes very long time and during that time we need the
> hole to be fixed?

That was just the order the patches where created.  There isn't a real
need for patch #1, but it didn't look important enough to me to bother
fixing it up after the series was complete.

cheers,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 2/5] vmware-vga: add vmsvga_verify_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Michael Tokarev, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann <=

Prev by Date: Re: [Qemu-devel] [PATCH v2 7/9] target-mips: add TLBINV support
Next by Date: [Qemu-devel] [PATCH] glib: add compatibility interface for g_strcmp0()
Previous by thread: Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689
Next by thread: [Qemu-devel] [PULL 0/1] configure: Prepend pixman and ftd flags to overrule system-provided ones
Index(es):
- Date
- Thread