qemu/display at e12d8edb8a76d0beedd71f900a0a44385f207b7c - qemu - openSUSE Gitea

dfaggioli/qemu

Files

History

Philippe Mathieu-Daudé e12d8edb8a hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

References: bsc#1205808
Git-commit: 8efec0ef8b

Currently qxl_phys2virt() doesn't check for buffer overrun.
In order to do so in the next commit, pass the buffer size
as argument.

For QXLCursor in qxl_render_cursor() -> qxl_cursor() we
verify the size of the chunked data ahead, checking we can
access 'sizeof(QXLCursor) + chunk->data_size' bytes.
Since in the SPICE_CURSOR_TYPE_MONO case the cursor is
assumed to fit in one chunk, no change are required.
In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in
qxl_unpack_chunks().

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-4-philmd@linaro.org>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>

2023-07-31 19:20:26 +02:00

..

artist.c

hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()

2021-08-31 14:38:53 +02:00

ati_2d.c

ati: check x y display parameter values

2020-11-04 08:25:17 +01:00

ati_dbg.c

ati-vga: Add dummy MEM_SDRAM_MODE_REG

2020-06-30 22:54:24 +02:00

ati_int.h

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

ati_regs.h

ati-vga: Add dummy MEM_SDRAM_MODE_REG

2020-06-30 22:54:24 +02:00

ati.c

hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()

2021-07-08 14:15:01 -05:00

bcm2835_fb.c

nomaintainer: Fix Lesser GPL version number

2020-11-15 17:04:40 +01:00

blizzard.c

display/blizzard: use extract16() for fix clang analyzer warning in blizzard_draw_line16_32()

2020-05-04 11:17:27 +02:00

bochs-display.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

cg3.c

vl: extract softmmu/datadir.c

2020-12-10 12:15:18 -05:00

cirrus_vga_internal.h

hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file

2018-10-15 09:57:33 +02:00

cirrus_vga_isa.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

cirrus_vga_rop2.h

cirrus: fix PUTPIXEL macro

2017-03-27 12:14:45 +02:00

cirrus_vga_rop.h

cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16

2017-03-17 10:23:44 +01:00

cirrus_vga.c

hw/display/cirrus_vga: Fix hexadecimal format string specifier

2020-11-13 07:36:33 +01:00

dpcd.c

hw/display/dpcd: Convert debug printf()s to trace events

2020-05-28 11:38:57 +02:00

edid-generate.c

edid: add support for DisplayID extension (5k resolution)

2021-05-10 11:41:02 +02:00

edid-region.c

Include exec/memory.h slightly less

2019-08-16 13:31:52 +02:00

exynos4210_fimd.c

hw/display/exynos4210_fimd: Fix potential NULL pointer dereference

2020-11-02 16:52:17 +00:00

framebuffer.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

framebuffer.h

framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer

2015-07-24 13:57:45 +02:00

g364fb.c

g364fb: add VMStateDescription for G364SysBusState

2021-07-02 17:35:08 +02:00

i2c-ddc.c

qdev: set properties with device_class_set_props()

2020-01-24 20:59:15 +01:00

jazz_led.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

Kconfig

Drop the deprecated lm32 target

2021-05-12 18:20:25 +02:00

macfb.c

macfb: fix a memory leak (CID 1465231)

2021-11-09 16:42:49 +01:00

meson.build

hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux

2021-08-31 14:31:43 +02:00

next-fb.c

Do not include hw/boards.h if it's not really necessary

2021-05-02 17:24:51 +02:00

omap_dss.c

hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP)

2020-05-28 11:38:57 +02:00

omap_lcdc.c

hw/display/omap_lcdc: Delete unnecessary macro

2021-03-06 13:30:38 +00:00

pl110_template.h

hw/display/pl110: Remove use of BITS from pl110_template.h

2021-03-14 13:14:55 +00:00

pl110.c

hw/display/pl110: Remove use of BITS from pl110_template.h

2021-03-14 13:14:55 +00:00

pxa2xx_lcd.c

hw/display/pxa2xx: Inline template header

2021-03-14 13:14:56 +00:00

qxl-logger.c

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2023-07-31 19:20:26 +02:00

qxl-render.c

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2023-07-31 19:20:26 +02:00

qxl.c

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2023-07-31 19:20:26 +02:00

qxl.h

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2023-07-31 19:20:26 +02:00

ramfb-standalone.c

Use DECLARE_*CHECKER* macros

2020-09-09 09:27:09 -04:00

ramfb.c

ramfb: fix size calculation

2020-05-18 15:43:51 +02:00

sii9022.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

sm501.c

hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()

2021-07-08 14:15:01 -05:00

ssd0303.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

ssd0323.c

hw/ssi: Rename SSI 'slave' as 'peripheral'

2020-12-10 12:15:03 -05:00

tc6393xb.c

hw/display/tc6393xb: Inline tc6393xb_draw_graphic32() at its callsite

2021-03-06 13:30:38 +00:00

tcx.c

hw: Replace anti-social QOM type names

2021-03-19 15:18:43 +01:00

trace-events

macfb: add common monitor modes supported by the MacOS toolbox ROM

2021-10-08 13:31:03 +02:00

trace.h

trace: switch position of headers to what Meson requires

2020-08-21 06:18:24 -04:00

vga_int.h

vga: cleanup mapping of VRAM for non-PCI VGA

2019-12-18 02:34:13 +01:00

vga_regs.h

Clean up header guards that don't match their file name

2019-05-13 08:58:55 +02:00

vga-access.h

vga: move access helpers to separate include file

2019-09-19 10:37:46 +02:00

vga-helpers.h

vga: move access helpers to separate include file

2019-09-19 10:37:46 +02:00

vga-isa-mm.c

vga: cleanup mapping of VRAM for non-PCI VGA

2019-12-18 02:34:13 +01:00

vga-isa.c

Revert "vga: don't abort when adding a duplicate isa-vga device"

2021-12-06 11:57:36 +01:00

vga-pci.c

edid: add support for DisplayID extension (5k resolution)

2021-05-10 11:41:02 +02:00

vga.c

vga: Allow writing VBE_DISPI_ID5 to ID register

2021-06-15 07:11:03 +02:00

vhost-user-gpu-pci.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

vhost-user-gpu.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

vhost-user-vga.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-gpu-base.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-gpu-gl.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-gpu-pci-gl.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-gpu-pci.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-gpu-udmabuf-stubs.c

virtio-gpu: splitting one extended mode guest fb into n-scanouts

2021-11-05 12:29:19 +01:00

virtio-gpu-udmabuf.c

virtio-gpu: splitting one extended mode guest fb into n-scanouts

2021-11-05 12:29:19 +01:00

virtio-gpu-virgl.c

hw/display: fix virgl reset regression

2021-07-22 15:46:54 +02:00

virtio-gpu.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-vga-gl.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-vga.c

modules: introduces module_kconfig directive

2023-07-31 19:20:26 +02:00

virtio-vga.h

qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros

2020-09-18 14:12:32 -04:00

vmware_vga.c

ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)

2023-07-31 19:20:26 +02:00

xenfb.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

xlnx_dp.c

hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read

2021-08-31 14:34:36 +02:00