Re: [Qemu-devel] [PATCH v3 0/5] vmware-vga: fix CVE-2014-3689


From: Don Koch
Subject: Re: [Qemu-devel] [PATCH v3 0/5] vmware-vga: fix CVE-2014-3689
Date: Tue, 28 Oct 2014 14:09:10 -0400

On Tue, 28 Oct 2014 10:50:37 +0100
Gerd Hoffmann <address@hidden> wrote:

>   Hi,
> 
> vmware-vga emulation lacks sanity checks in the hardware acceleration
> (blit + fill) functions.  This patch series plugs the holes.
> 
> v3 changes:
>  * throw badcmd errors in case the rectangles fail the sanity checks.
> v2 changes:
>  * small whitespace fixup.
>  * do fullscreen update on invalid update requests.
> 
> cheers,
>   Gerd
> 
> Gerd Hoffmann (5):
>   vmware-vga: CVE-2014-3689: turn off hw accel
>   vmware-vga: add vmsvga_verify_rect
>   vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
>   vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
>   vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
> 
>  hw/display/vmware_vga.c | 116 ++++++++++++++++++++++++++++++++----------------
>  1 file changed, 78 insertions(+), 38 deletions(-)
> 
> -- 
> 1.8.3.1
> 

Whole series looks good to me, now.

A bit of a big hammer, but much better than before. I had started working on
fixing the clipping a month ago. I might still do that based on this update
which is a better base than the original.

Thanks, Gerd.

-d
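
The kind of rectangle sanity check the quoted cover letter describes for blit and fill, next to the clipping alternative mentioned in the reply, as an added example that is not QEMU's code and not part of either message. `struct surface`, `rect_ok`, `rect_clip` and `fill_rect` are hypothetical names; the surface is assumed to have positive dimensions and a 32-bit-per-pixel buffer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical surface description (assumption, not QEMU's structure). */
struct surface { int32_t width, height; };

/* Reject policy: true only if the rectangle lies fully inside the surface. */
bool rect_ok(const struct surface *s, int32_t x, int32_t y, int32_t w, int32_t h)
{
    if (x < 0 || y < 0 || w <= 0 || h <= 0)
        return false;
    /* Compare against the remaining space so x + w is never computed. */
    return w <= s->width - x && h <= s->height - y;
}

/* Clip policy: shrink the rectangle to its intersection with the surface. */
bool rect_clip(const struct surface *s, int32_t *x, int32_t *y, int32_t *w, int32_t *h)
{
    /* 64-bit intermediates: guest-supplied x + w cannot wrap here. */
    int64_t x0 = *x, y0 = *y, x1 = x0 + *w, y1 = y0 + *h;
    if (*w <= 0 || *h <= 0)
        return false;
    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > s->width) x1 = s->width;
    if (y1 > s->height) y1 = s->height;
    if (x0 >= x1 || y0 >= y1)
        return false;               /* nothing left on screen */
    *x = (int32_t)x0; *y = (int32_t)y0;
    *w = (int32_t)(x1 - x0); *h = (int32_t)(y1 - y0);
    return true;
}

/* Fill that treats a bad rectangle as a bad command and writes nothing. */
int fill_rect(uint32_t *fb, const struct surface *s, uint32_t colour,
              int32_t x, int32_t y, int32_t w, int32_t h)
{
    if (!rect_ok(s, x, y, w, h))
        return -1;
    for (int32_t row = y; row < y + h; row++)
        for (int32_t col = x; col < x + w; col++)
            fb[(size_t)row * s->width + col] = colour;
    return 0;
}

int main(void)
{
    struct surface s = { 8, 4 };    /* constructed 8x4 surface */
    uint32_t fb[8 * 4] = { 0 };
    return !(fill_rect(fb, &s, 1, 6, 1, 2, 2) == 0 &&
             fill_rect(fb, &s, 1, 6, 1, 3, 2) == -1);
}
```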


