[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 362f81: vga: drop line_offset variable
|
From: |
GitHub |
|
Subject: |
[Qemu-commits] [qemu/qemu] 362f81: vga: drop line_offset variable |
|
Date: |
Thu, 19 Oct 2017 04:09:36 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 362f811793ff6cb4d209ab61d76cc4f841bb5e46
https://github.com/qemu/qemu/commit/362f811793ff6cb4d209ab61d76cc4f841bb5e46
Author: Gerd Hoffmann <address@hidden>
Date: 2017-10-17 (Tue, 17 Oct 2017)
Changed paths:
M hw/display/vga.c
Log Message:
-----------
vga: drop line_offset variable
Signed-off-by: Gerd Hoffmann <address@hidden>
Commit: 28f77de26a4f9995458ddeb9d34bb06c0193bdc9
https://github.com/qemu/qemu/commit/28f77de26a4f9995458ddeb9d34bb06c0193bdc9
Author: Gerd Hoffmann <address@hidden>
Date: 2017-10-17 (Tue, 17 Oct 2017)
Changed paths:
M hw/display/vga.c
Log Message:
-----------
vga: handle cirrus vbe mode wraparounds.
Commit "3d90c62548 vga: stop passing pointers to vga_draw_line*
functions" is incomplete. It doesn't handle the case that the vga
rendering code tries to create a shared surface, i.e. a pixman image
backed by vga video memory. That can not work in case the guest display
wraps from end of video memory to the start. So force shadowing in that
case. Also adjust the snapshot region calculation.
Can trigger with cirrus only, when programming vbe modes using the bochs
api (stdvga, also qxl and virtio-vga in vga compat mode) wrap arounds
can't happen.
Fixes: CVE-2017-13672
Fixes: 3d90c6254863693a6b13d918d2b8682e08bbc681
Cc: P J P <address@hidden>
Reported-by: David Buchanan <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: b0898b42ef099bc125db1fbf62b7f02b505ef3a2
https://github.com/qemu/qemu/commit/b0898b42ef099bc125db1fbf62b7f02b505ef3a2
Author: Gerd Hoffmann <address@hidden>
Date: 2017-10-17 (Tue, 17 Oct 2017)
Changed paths:
M hw/display/vga.c
Log Message:
-----------
vga: add ram_addr_t cast
Reported by Coverity.
Fixes: CID 1381409
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: eb38e1bc3740725ca29a535351de94107ec58d51
https://github.com/qemu/qemu/commit/eb38e1bc3740725ca29a535351de94107ec58d51
Author: Gerd Hoffmann <address@hidden>
Date: 2017-10-17 (Tue, 17 Oct 2017)
Changed paths:
M hw/display/cirrus_vga.c
Log Message:
-----------
cirrus: fix oob access in mode4and5 write functions
Move dst calculation into the loop, so we apply the mask on each
interation and will not overflow vga memory.
Cc: Prasad J Pandit <address@hidden>
Reported-by: Niu Guoxiang <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-id: address@hidden
Commit: 73b733e6907e1193e562f498272108c95c00868c
https://github.com/qemu/qemu/commit/73b733e6907e1193e562f498272108c95c00868c
Author: Peter Maydell <address@hidden>
Date: 2017-10-19 (Thu, 19 Oct 2017)
Changed paths:
M hw/display/cirrus_vga.c
M hw/display/vga.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171017-pull-request'
into staging
cirrus: bugfixes, with some vga cleanups.
# gpg: Signature made Tue 17 Oct 2017 09:24:37 BST
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg: aka "Gerd Hoffmann <address@hidden>"
# gpg: aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/vga-20171017-pull-request:
cirrus: fix oob access in mode4and5 write functions
vga: add ram_addr_t cast
vga: handle cirrus vbe mode wraparounds.
vga: drop line_offset variable
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/861cd431c99e...73b733e6907e
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 362f81: vga: drop line_offset variable,
GitHub <=