[Qemu-devel] [PATCH 09/29] vmsvga: Account for length of command word wh
From: Liran Alon
Subject: [Qemu-devel] [PATCH 09/29] vmsvga: Account for length of command word when parsing commands
Date: Thu, 9 Aug 2018 14:46:22 +0300
From: Leonid Shatz <address@hidden>
While we continue to ignore SVGA_CMD_RECT_ROP_FILL, SVGA_CMD_RECT_ROP_COPY
and SVGA_CMD_FENCE commands, we should account for command length, not only
arguments following command code.
Signed-off-by: Leonid Shatz <address@hidden>
Reviewed-by: Darren Kenny <address@hidden>
Signed-off-by: Liran Alon <address@hidden>
---
hw/display/vmware_vga.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index 675c8755ab48..b32a625ae9c2 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -731,9 +731,17 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
* arguments so we can avoid FIFO desync
*/
case SVGA_CMD_RECT_ROP_FILL: /* deprecated */
+ len -= 1;
+ if (len < 0) {
+ goto rewind;
+ }
args = 6;
goto badcmd;
case SVGA_CMD_RECT_ROP_COPY: /* deprecated */
+ len -= 1;
+ if (len < 0) {
+ goto rewind;
+ }
args = 7;
goto badcmd;
case SVGA_CMD_DEFINE_ALPHA_CURSOR:
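Review bot: The same decrement-and-check sequence is pasted into both SVGA_CMD_RECT_ROP_FILL and SVGA_CMD_RECT_ROP_COPY here (and a third time for SVGA_CMD_FENCE), so any ignored command added later has to remember to repeat it or the FIFO accounting drifts again. Consider doing the command-word accounting once on a shared path, for example in a small helper or at the common label these cases jump to, rather than per case. The context comment at the top of the hunk still speaks only of "arguments so we can avoid FIFO desync"; it should be updated to say that the command word itself is now counted, since that is the whole point of the change. It is also worth a short comment next to `len -= 1;` stating that the unit is one FIFO word, because the bare constant gives no hint of what is being subtracted.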
@@ -761,6 +769,10 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
args = 12;
goto badcmd;
case SVGA_CMD_FENCE:
+ len -= 1;
+ if (len < 0) {
+ goto rewind;
+ }
args = 1;
goto badcmd;
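Review bot: In the SVGA_CMD_FENCE case the new `if (len < 0)` check covers only the command word, and the single argument set by `args = 1;` is left entirely to whatever happens at `badcmd`, which is not visible in this hunk. Please confirm that `badcmd` rewinds when fewer than `args` words remain, otherwise a guest that has written the command word but not yet its argument would still have the word consumed. The context lines directly above this case show another `args = 12; goto badcmd;` path that receives no `len -= 1;` in this patch; if that command does not already account for its command word elsewhere, it has the same gap and should get the same treatment, and if it does, the commit message should say why only these three commands needed the fix.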
--
1.9.1