[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] f153b5: cirrus: handle negative pitch in cirr
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] f153b5: cirrus: handle negative pitch in cirrus_invalidate... |
Date: |
Fri, 03 Feb 2017 03:30:04 -0800 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: f153b563f8cf121aebf5a2fff5f0110faf58ccb3
https://github.com/qemu/qemu/commit/f153b563f8cf121aebf5a2fff5f0110faf58ccb3
Author: Wolfgang Bumiller <address@hidden>
Date: 2017-02-01 (Wed, 01 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: handle negative pitch in cirrus_invalidate_region()
cirrus_invalidate_region() calls memory_region_set_dirty()
on a per-line basis, always ranging from off_begin to
off_begin+bytesperline. With a negative pitch off_begin
marks the top most used address and thus we need to do an
initial shift backwards by a line for negative pitches of
backward blits, otherwise the first iteration covers the
line going from the start offset forwards instead of
backwards.
Additionally since the start address is inclusive, if we
shift by a full `bytesperline` we move to the first address
*not* included in the blit, so we only shift by one less
than bytesperline.
Signed-off-by: Wolfgang Bumiller <address@hidden>
Message-id: address@hidden
[ kraxel: codestyle fixes ]
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 5858dd1801883309bdd208d72ddb81c4e9fee30c
https://github.com/qemu/qemu/commit/5858dd1801883309bdd208d72ddb81c4e9fee30c
Author: Wolfgang Bumiller <address@hidden>
Date: 2017-02-01 (Wed, 01 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: allow zero source pitch in pattern fill rops
The rops used by cirrus_bitblt_common_patterncopy only use
the destination pitch, so the source pitch shoul allowed to
be zero and the blit with used for the range check around the
source address.
Signed-off-by: Wolfgang Bumiller <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 60cd23e85151525ab26591394c4e7e06fa07d216
https://github.com/qemu/qemu/commit/60cd23e85151525ab26591394c4e7e06fa07d216
Author: Gerd Hoffmann <address@hidden>
Date: 2017-02-01 (Wed, 01 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: fix blit address mask handling
Apply the cirrus_addr_mask to cirrus_blt_dstaddr and cirrus_blt_srcaddr
right after assigning them, in cirrus_bitblt_start(), instead of having
this all over the place in the cirrus code, and missing a few places.
Reported-by: Wolfgang Bumiller <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 62d4c6bd5263bb8413a06c80144fc678df6dfb64
https://github.com/qemu/qemu/commit/62d4c6bd5263bb8413a06c80144fc678df6dfb64
Author: Li Qiang <address@hidden>
Date: 2017-02-02 (Thu, 02 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: fix oob access issue (CVE-2017-2615)
When doing bitblt copy in backward mode, we should minus the
blt width first just like the adding in the forward mode. This
can avoid the oob access of the front of vga's vram.
Signed-off-by: Li Qiang <address@hidden>
{ kraxel: with backward blits (negative pitch) addr is the topmost
address, so check it as-is against vram size ]
Cc: address@hidden
Cc: P J P <address@hidden>
Cc: Laszlo Ersek <address@hidden>
Cc: Paolo Bonzini <address@hidden>
Cc: Wolfgang Bumiller <address@hidden>
Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Reviewed-by: Laszlo Ersek <address@hidden>
Commit: 5b66d7ae89411c01657ebfe76b9a8be346a4b1be
https://github.com/qemu/qemu/commit/5b66d7ae89411c01657ebfe76b9a8be346a4b1be
Author: Peter Maydell <address@hidden>
Date: 2017-02-03 (Fri, 03 Feb 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/pull-vga-20170202-2' into
staging
cirrus: multiple bugfixes, including CVE-2017-2615 fix.
# gpg: Signature made Thu 02 Feb 2017 15:03:35 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/pull-vga-20170202-2:
cirrus: fix oob access issue (CVE-2017-2615)
cirrus: fix blit address mask handling
cirrus: allow zero source pitch in pattern fill rops
cirrus: handle negative pitch in cirrus_invalidate_region()
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/5459ef3bff96...5b66d7ae8941
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] f153b5: cirrus: handle negative pitch in cirrus_invalidate...,
GitHub <=