[PATCH v2 08/51] hw/display/qxl: Assert memory slot fits in preallocated

qemu-s390x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v2 08/51] hw/display/qxl: Assert memory slot fits in preallocated

From:	Juan Quintela
Subject:	[PATCH v2 08/51] hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion
Date:	Mon, 5 Dec 2022 10:51:45 +0100

From: Philippe Mathieu-Daudé <philmd@linaro.org>

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-6-philmd@linaro.org>
---
 hw/display/qxl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index 0b21626aad..6772849dec 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -1384,6 +1384,7 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t 
slot_id, uint64_t delta,
         qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
         return 1;
     }
+    assert(guest_end - pci_start <= memory_region_size(mr));
 
     virt_start = (intptr_t)memory_region_get_ram_ptr(mr);
     memslot.slot_id = slot_id;
-- 
2.38.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v2 00/51] migration patches for VFIO, Juan Quintela, 2022/12/05
- [PATCH v2 01/51] update seabios source from 1.16.0 to 1.16.1, Juan Quintela, 2022/12/05
- [PATCH v2 03/51] replay: Fix declaration of replay_read_next_clock, Juan Quintela, 2022/12/05
- [PATCH v2 04/51] hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler, Juan Quintela, 2022/12/05
- [PATCH v2 02/51] update seabios binaries to 1.16.1, Juan Quintela, 2022/12/05
- [PATCH v2 05/51] hw/display/qxl: Document qxl_phys2virt(), Juan Quintela, 2022/12/05
- [PATCH v2 06/51] hw/display/qxl: Pass requested buffer size to qxl_phys2virt(), Juan Quintela, 2022/12/05
- [PATCH v2 07/51] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144), Juan Quintela, 2022/12/05
- [PATCH v2 08/51] hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion, Juan Quintela <=
- [PATCH v2 09/51] block-backend: avoid bdrv_unregister_buf() NULL pointer deref, Juan Quintela, 2022/12/05
- [PATCH v2 10/51] target/arm: Set TCGCPUOps.restore_state_to_opc for v7m, Juan Quintela, 2022/12/05
- [PATCH v2 11/51] Update VERSION for v7.2.0-rc3, Juan Quintela, 2022/12/05
- [PATCH v2 12/51] tests/qtests: override "force-legacy" for gpio virtio-mmio tests, Juan Quintela, 2022/12/05
- [PATCH v2 13/51] vhost: enable vrings in vhost_dev_start() for vhost-user devices, Juan Quintela, 2022/12/05
- [PATCH v2 15/51] hw/virtio: generalise CHR_EVENT_CLOSED handling, Juan Quintela, 2022/12/05
- [PATCH v2 14/51] hw/virtio: add started_vu status field to vhost-user-gpio, Juan Quintela, 2022/12/05
- [PATCH v2 16/51] include/hw: VM state takes precedence in virtio_device_should_start, Juan Quintela, 2022/12/05
- [PATCH v2 17/51] hw/nvme: fix aio cancel in format, Juan Quintela, 2022/12/05
- [PATCH v2 18/51] hw/nvme: fix aio cancel in flush, Juan Quintela, 2022/12/05

Prev by Date: [PATCH v2 07/51] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)
Next by Date: [PATCH v2 09/51] block-backend: avoid bdrv_unregister_buf() NULL pointer deref
Previous by thread: [PATCH v2 07/51] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)
Next by thread: [PATCH v2 09/51] block-backend: avoid bdrv_unregister_buf() NULL pointer deref
Index(es):
- Date
- Thread