qemu-devel

Re: [RFC PATCH-for-7.2 v2 0/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()


From: Philippe Mathieu-Daudé
Subject: Re: [RFC PATCH-for-7.2 v2 0/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()
Date: Mon, 28 Nov 2022 14:51:18 +0100
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.0

On 28/11/22 14:48, Philippe Mathieu-Daudé wrote:
Since v1:
- Addressed Marc-André review comments
- Moved overrun check in qxl_get_check_slot_offset()

memory_region_get_ram_ptr() returns a host pointer for a
MemoryRegion. Sometimes we do offset calculation using this
pointer without checking the underlying MemoryRegion size.

Wenxu Yin reported a buffer overrun in QXL. This series
aims to fix it. I haven't audited the other _get_ram_ptr()
uses (yet). Eventually we could rename it _get_ram_ptr_unsafe
and add a safer helper which checks for overrun.

Worth considering for 7.2?

Regards,

Phil.

This series is v2...

v1 was https://lore.kernel.org/qemu-devel/20221125154030.42108-1-philmd@linaro.org/
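The pattern the cover letter describes, a host pointer from a MemoryRegion plus an unchecked offset, shown next to the kind of size-checked helper the last paragraph suggests. This is an added illustration written for this page, not code from the series or from QEMU: FakeMemoryRegion, range_fits and the phys2virt_* functions are stand-ins, not QEMU APIs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the two pieces of a MemoryRegion that matter here:
 * the host backing buffer and its size (hypothetical, not QEMU's struct). */
typedef struct {
    uint8_t *ram;   /* what memory_region_get_ram_ptr() hands back */
    uint64_t size;  /* what memory_region_size() would report */
} FakeMemoryRegion;

/* Core check: does [offset, offset + len) fit inside a region of `size`
 * bytes? Written so that a huge offset or len cannot wrap the addition;
 * a naive `offset + len <= size` test would accept wrapped values. */
int range_fits(uint64_t size, uint64_t offset, uint64_t len)
{
    if (offset > size) {
        return 0;
    }
    return len <= size - offset;
}

/* The unchecked pattern: pointer arithmetic driven by a guest-supplied
 * offset, with no look at the region size. Out-of-range offsets yield
 * a pointer past the backing buffer. */
void *phys2virt_unsafe(FakeMemoryRegion *mr, uint64_t offset)
{
    return mr->ram + offset;
}

/* Hardened variant: the caller states how many bytes it will touch and
 * gets NULL back (to be treated as invalid guest input) if that range
 * does not fit the region. */
void *phys2virt_checked(FakeMemoryRegion *mr, uint64_t offset, uint64_t len)
{
    if (!range_fits(mr->size, offset, len)) {
        return NULL;
    }
    return mr->ram + offset;
}

int main(void)
{
    static uint8_t backing[4096];              /* constructed 4 KiB region */
    FakeMemoryRegion mr = { backing, sizeof backing };
    uint64_t bad = sizeof backing + 64;        /* offset past the end */

    printf("unsafe  : %td bytes past the buffer\n",
           (uint8_t *)phys2virt_unsafe(&mr, bad) - (backing + sizeof backing));
    printf("checked : %s\n", phys2virt_checked(&mr, bad, 16) ? "pointer" : "NULL");
    return 0;
}
```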
