Re: [Qemu-devel] [PATCH] vga: stop passing pointers to vga_draw_line* fu
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH] vga: stop passing pointers to vga_draw_line* functions
Date: Thu, 24 Aug 2017 11:30:18 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
On 08/24/2017 04:19 AM, Gerd Hoffmann wrote:
> Instead pass around the address (aka offset into vga memory).
> Add vga_read_* helper functions which apply vbe_size_mask to
> the address, to make sure the address stays within the valid
> range, simliar to the cirrus blitter fixes (commits ffaf857778
s/simliar/similar/
> and 026aeffcb4).
>
> Impact: DoS for priviledged guest users. qemu crashes with
s/priviledged/privileged/
> a segfault, when hitting the guard page after vga memory
> allocation, while reading vga memory for display updates.
>
> Fixes: CVE-2017-xxxx
Do we have the actual number? Are we trying to get this in 2.10-rc4, or
is it merely 2.11 + qemu-stable (2.10.1) material?
> Cc: P J P <address@hidden>
> Reported-by: David Buchanan <address@hidden>
> Signed-off-by: Gerd Hoffmann <address@hidden>
> ---
> hw/display/vga-helpers.h | 202
> ++++++++++++++++++++++++++---------------------
> hw/display/vga_int.h | 1 +
> hw/display/vga.c | 5 +-
> 3 files changed, 114 insertions(+), 94 deletions(-)
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
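
The masking approach described in the quoted commit message, as an added example that is not QEMU's code and not part of this thread: readers take an offset and mask it on every access, so a guest-controlled start address cannot carry a display read past the end of video memory. `struct fb`, `fb_read_*`, `fb_line_sum` and `VRAM_SIZE` are hypothetical names; `size_mask` stands in for `vbe_size_mask` and assumes a power-of-two memory size.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical stand-in for the device state; not QEMU's VGACommonState. */
#define VRAM_SIZE 4096u              /* constructed size, must be a power of two */

struct fb {
    uint8_t  vram[VRAM_SIZE];
    uint32_t size_mask;              /* VRAM_SIZE - 1, the role vbe_size_mask plays */
};

static void fb_init(struct fb *s)
{
    for (uint32_t i = 0; i < VRAM_SIZE; i++)
        s->vram[i] = (uint8_t)(i * 7u);      /* constructed test pattern */
    s->size_mask = VRAM_SIZE - 1;
}

/* Every access is masked, so any 32-bit address lands inside vram[]. */
static uint8_t fb_read_byte(const struct fb *s, uint32_t addr)
{
    return s->vram[addr & s->size_mask];
}

/* Masked per byte (a choice made for this sketch): a read straddling the end wraps. */
static uint32_t fb_read_dword_le(const struct fb *s, uint32_t addr)
{
    return (uint32_t)fb_read_byte(s, addr)
         | (uint32_t)fb_read_byte(s, addr + 1) << 8
         | (uint32_t)fb_read_byte(s, addr + 2) << 16
         | (uint32_t)fb_read_byte(s, addr + 3) << 24;
}

/* Draw-line style consumer: receives an offset, never a raw pointer. */
static uint32_t fb_line_sum(const struct fb *s, uint32_t addr, int width)
{
    uint32_t sum = 0;
    for (int x = 0; x < width; x++)
        sum += fb_read_byte(s, addr + (uint32_t)x);
    return sum;
}

int main(void)
{
    static struct fb s;
    fb_init(&s);
    printf("dword=0x%08x sum=%u\n", (unsigned)fb_read_dword_le(&s, VRAM_SIZE - 2),
           (unsigned)fb_line_sum(&s, VRAM_SIZE - 2, 4));
    return 0;
}
```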