qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] cirrus_vga: fix off-by-one in blit_region_is


From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH v2] cirrus_vga: fix off-by-one in blit_region_is_unsafe
Date: Tue, 16 Feb 2016 14:30:46 +0100

On Mi, 2016-02-10 at 17:17 +0100, Paolo Bonzini wrote:
> The "max" value is being compared with >=, but addr + width points to
> the first byte that will _not_ be copied.  Laszlo suggested using a
> "greater than" comparison, instead of subtracting one like it is
> already done above for the height, so that max remains always
> positive.
> 
> The mistake is "safe"---it will reject some blits, but will never
> cause
> out-of-bounds writes.

added to vga queue.

thanks,
  Gerd



reply via email to

[Prev in Thread] Current Thread [Next in Thread]