qemu/hw/display
Gerd Hoffmann 28f77de26a vga: handle cirrus vbe mode wraparounds.
Commit "3d90c62548 vga: stop passing pointers to vga_draw_line*
functions" is incomplete.  It doesn't handle the case that the vga
rendering code tries to create a shared surface, i.e. a pixman image
backed by vga video memory.  That can not work in case the guest display
wraps from end of video memory to the start.  So force shadowing in that
case.  Also adjust the snapshot region calculation.

Can trigger with cirrus only; when programming vbe modes using the bochs
api (stdvga, also qxl and virtio-vga in vga compat mode) wraparounds
can't happen.

Fixes: CVE-2017-13672
Fixes: 3d90c62548
Cc: P J P <ppandit@redhat.com>
Reported-by: David Buchanan <d@vidbuchanan.co.uk>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20171010141323.14049-3-kraxel@redhat.com
2017-10-17 09:59:00 +02:00
ads7846.c ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c hw/display/blizzard: Remove blizzard_template.h 2016-05-12 13:22:30 +01:00
cg3.c hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
cirrus_vga.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
cirrus_vga_rop.h cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16 2017-03-17 10:23:44 +01:00
cirrus_vga_rop2.h cirrus: fix PUTPIXEL macro 2017-03-27 12:14:45 +02:00
dpcd.c aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows 2016-07-07 13:47:01 +01:00
exynos4210_fimd.c exynos: make display updates thread safe 2017-04-24 10:12:28 +02:00
framebuffer.c framebuffer: make display updates thread safe 2017-04-24 10:12:28 +02:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c g364fb: make display updates thread safe 2017-04-24 10:12:28 +02:00
jazz_led.c jazz_led: fix bad snprintf 2017-05-10 10:19:24 +03:00
Makefile.objs add opengl_cflags to QEMU_CFLAGS 2017-03-21 10:25:01 +00:00
milkymist-tmu2.c lm32: milkymist-tmu2: fix a third integer overflow 2017-02-28 09:03:39 +03:00
milkymist-vgafb.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
milkymist-vgafb_template.h milkymist-vgafb: swap pixel data in source buffer 2014-02-04 19:34:30 +01:00
omap_dss.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
pl110.c hw/display: QOM'ify pl110.c 2016-10-24 16:26:56 +01:00
pl110_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
pxa2xx_lcd.c arm: Clean up includes 2016-01-29 15:07:23 +00:00
pxa2xx_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c qxl: add support for chunked cursors. 2017-09-01 13:52:43 +02:00
qxl.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
qxl.h qxl: add xres and yres properties 2017-04-24 10:12:28 +02:00
sm501.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
sm501_template.h sm501: Misc clean ups 2017-04-24 12:32:12 +01:00
ssd0303.c i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
ssd0323.c vmstateify ssd0323 display 2016-09-22 18:13:08 +01:00
tc6393xb.c hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
tc6393xb_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
tcx.c memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
trace-events hw/display/xenfb.c: Add trace_xenfb_key_event 2017-09-26 09:06:02 +03:00
vga-helpers.h vga: stop passing pointers to vga_draw_line* functions 2017-09-01 13:52:43 +02:00
vga-isa-mm.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-isa.c portio: keep references on portio 2016-09-08 18:05:21 +04:00
vga-pci.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
vga.c vga: handle cirrus vbe mode wraparounds. 2017-10-17 09:59:00 +02:00
vga.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
vga_int.h vga: stop passing pointers to vga_draw_line* functions 2017-09-01 13:52:43 +02:00
virtio-gpu-3d.c virtio-gpu: move virtio_gpu_gl_block 2017-05-12 12:02:48 +02:00
virtio-gpu-pci.c virtio-gpu-pci: tag as not hotpluggable 2016-09-13 09:26:58 +02:00
virtio-gpu.c migration: Route more error paths 2017-09-27 11:44:18 +01:00
virtio-vga.c virtio: rename the bar index field name in VirtIOPCIProxy 2016-10-08 11:25:29 +03:00
vmware_vga.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
xenfb.c hw/display/xenfb.c: Add trace_xenfb_key_event 2017-09-26 09:06:02 +03:00
xlnx_dp.c qom: enforce readonly nature of link's check callback 2017-07-14 12:04:42 +02:00