[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 7/8] ramfb: add sanity checks to ramfb_create_display_surface
|
From: |
Gerd Hoffmann |
|
Subject: |
[PULL 7/8] ramfb: add sanity checks to ramfb_create_display_surface |
|
Date: |
Mon, 18 May 2020 17:12:54 +0200 |
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Message-id: address@hidden
---
hw/display/ramfb.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c
index 1a20bdec416f..52dae78db48f 100644
--- a/hw/display/ramfb.c
+++ b/hw/display/ramfb.c
@@ -15,6 +15,7 @@
#include "qapi/error.h"
#include "hw/loader.h"
#include "hw/display/ramfb.h"
+#include "hw/display/bochs-vbe.h" /* for limits */
#include "ui/console.h"
#include "sysemu/reset.h"
@@ -49,6 +50,11 @@ static DisplaySurface *ramfb_create_display_surface(int
width, int height,
hwaddr size;
void *data;
+ if (width < 16 || width > VBE_DISPI_MAX_XRES ||
+ height < 16 || height > VBE_DISPI_MAX_YRES ||
+ format == 0 /* unknown format */)
+ return NULL;
+
if (linesize == 0) {
linesize = width * PIXMAN_FORMAT_BPP(format) / 8;
}
--
2.18.4
- [PULL 0/8] Vga 20200518 patches, Gerd Hoffmann, 2020/05/18
- [PULL 3/8] Revert "hw/display/ramfb: initialize fw-config space with xres/ yres", Gerd Hoffmann, 2020/05/18
- [PULL 8/8] ramfb: fix size calculation, Gerd Hoffmann, 2020/05/18
- [PULL 5/8] ramfb: drop leftover debug message, Gerd Hoffmann, 2020/05/18
- [PULL 7/8] ramfb: add sanity checks to ramfb_create_display_surface,
Gerd Hoffmann <=
- [PULL 2/8] hw/display: Include local 'framebuffer.h', Gerd Hoffmann, 2020/05/18
- [PULL 1/8] ati-vga: Do not allow unaligned access via index register, Gerd Hoffmann, 2020/05/18
- [PULL 4/8] Revert "hw/display/ramfb: lock guest resolution after it's set", Gerd Hoffmann, 2020/05/18
- [PULL 6/8] ramfb: don't update RAMFBState on errors, Gerd Hoffmann, 2020/05/18
- Re: [PULL 0/8] Vga 20200518 patches, Peter Maydell, 2020/05/18