motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-02 23:33:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

vfio: fix use-after-free in display

Browse source 
Calling ramfb_display_update() might replace the DisplaySurface with the
boot display, which in turn will free the currently active
DisplaySurface.

So clear our DisplaySurface pinter (dpy->region.surface pointer) to (a)
avoid use-after-free and (b) force replacing the boot display with the
real display when switching back.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 20200713124520.23266-1-kraxel@redhat.com
This commit is contained in:
Gerd Hoffmann 2020-07-13 14:45:20 +02:00
parent 8746309137
commit 8ec1415935
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hw/vfio/display.c
View file

@ -405,6 +405,7 @@ static void vfio_display_region_update(void *opaque)
if (!plane.drm_format || !plane.size) {
if (dpy->ramfb) {
ramfb_display_update(dpy->con, dpy->ramfb);
dpy->region.surface = NULL;
}
return;
}