Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line*

From:	Gerd Hoffmann
Subject:	Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions
Date:	Mon, 09 Oct 2017 14:56:28 +0200

On Mon, 2017-10-09 at 12:55 +0100, David Buchanan wrote:
> I might be mistaken, but I don't think this patch actually fixes
> CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
> against my initial reproducer, and QEMU still segfaults.

Hmm, no segfault here.  Tried gtk, sdl, vnc, spice.  How do you start
qemu?  Which user interface?

> I think this is because the actual OOB read occurs inside pixman,
> which
> of course is not affected by this patch. Perhaps bounds checks need
> to
> be applied to the arguments passed into pixman?

Hmm, 24bpp modes are typically not handled by pixman (at least not in a
way that qemu creates a pixman image backed by vga memory).

Have you seen a stacktrace with pixman in there?  Care to share it?

thanks,
  Gerd

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, David Buchanan, 2017/10/09
- Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, Gerd Hoffmann <=
  - Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions, David Buchanan, 2017/10/09

Prev by Date: Re: [Qemu-devel] [PATCH v6 2/7] hw/misc: add vmcoreinfo device
Next by Date: [Qemu-devel] [PATCH v9 1/8] vmdk: Move vmdk_find_offset_in_cluster() to the top
Previous by thread: Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions
Next by thread: Re: [Qemu-devel] [PATCH v2] vga: stop passing pointers to vga_draw_line* functions
Index(es):
- Date
- Thread