dfaggioli/qemu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc97d7d5ed7f37304cec2f7246ffaca94e2223c3
qemu/hw/display
History
Mauro Matteo Cascella 409723f5db ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) 
Git-commit fa892e9abb
References: bsc#1198035, CVE-2021-4206

Prevent potential integer overflow by limiting 'width' and 'height' to
512x512. Also change 'datasize' type to size_t. Refer to security
advisory https://starlabs.sg/advisories/22-4206/ for more information.

Fixes: CVE-2021-4206
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Dario Faggioli <dfaggioli@suse.com>
2023-07-31 19:20:26 +02:00
..
artist.c
hw/display/artist: Fix bug in coordinate extraction in artist_vram_read() and artist_vram_write()
2021-08-31 14:38:53 +02:00
ati_2d.c
ati: check x y display parameter values
2020-11-04 08:25:17 +01:00
ati_dbg.c
ati-vga: Add dummy MEM_SDRAM_MODE_REG
2020-06-30 22:54:24 +02:00
ati_int.h
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
ati_regs.h
ati-vga: Add dummy MEM_SDRAM_MODE_REG
2020-06-30 22:54:24 +02:00
ati.c
hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()
2021-07-08 14:15:01 -05:00
bcm2835_fb.c
nomaintainer: Fix Lesser GPL version number
2020-11-15 17:04:40 +01:00
blizzard.c
display/blizzard: use extract16() for fix clang analyzer warning in blizzard_draw_line16_32()
2020-05-04 11:17:27 +02:00
bochs-display.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
cg3.c
vl: extract softmmu/datadir.c
2020-12-10 12:15:18 -05:00
cirrus_vga_internal.h
hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file
2018-10-15 09:57:33 +02:00
cirrus_vga_isa.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
cirrus_vga_rop2.h
cirrus: fix PUTPIXEL macro
2017-03-27 12:14:45 +02:00
cirrus_vga_rop.h
cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16
2017-03-17 10:23:44 +01:00
cirrus_vga.c
hw/display/cirrus_vga: Fix hexadecimal format string specifier
2020-11-13 07:36:33 +01:00
dpcd.c
hw/display/dpcd: Convert debug printf()s to trace events
2020-05-28 11:38:57 +02:00
edid-generate.c
edid: add support for DisplayID extension (5k resolution)
2021-05-10 11:41:02 +02:00
edid-region.c
Include exec/memory.h slightly less
2019-08-16 13:31:52 +02:00
exynos4210_fimd.c
hw/display/exynos4210_fimd: Fix potential NULL pointer dereference
2020-11-02 16:52:17 +00:00
framebuffer.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
framebuffer.h
framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer
2015-07-24 13:57:45 +02:00
g364fb.c
g364fb: add VMStateDescription for G364SysBusState
2021-07-02 17:35:08 +02:00
i2c-ddc.c
qdev: set properties with device_class_set_props()
2020-01-24 20:59:15 +01:00
jazz_led.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
Kconfig
Drop the deprecated lm32 target
2021-05-12 18:20:25 +02:00
macfb.c
macfb: fix a memory leak (CID 1465231)
2021-11-09 16:42:49 +01:00
meson.build
hw/display: Restrict virtio-gpu-udmabuf stubs to !Linux
2021-08-31 14:31:43 +02:00
next-fb.c
Do not include hw/boards.h if it's not really necessary
2021-05-02 17:24:51 +02:00
omap_dss.c
hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP)
2020-05-28 11:38:57 +02:00
omap_lcdc.c
hw/display/omap_lcdc: Delete unnecessary macro
2021-03-06 13:30:38 +00:00
pl110_template.h
hw/display/pl110: Remove use of BITS from pl110_template.h
2021-03-14 13:14:55 +00:00
pl110.c
hw/display/pl110: Remove use of BITS from pl110_template.h
2021-03-14 13:14:55 +00:00
pxa2xx_lcd.c
hw/display/pxa2xx: Inline template header
2021-03-14 13:14:56 +00:00
qxl-logger.c
hw/display/qxl: Fix bad printf format specifiers
2021-02-04 14:32:40 +01:00
qxl-render.c
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
2023-07-31 19:20:26 +02:00
qxl.c
qxl: fix pre-save logic
2021-09-15 08:41:59 +02:00
qxl.h
Revert "qxl: add migration blocker to avoid pre-save assert"
2021-07-22 15:46:47 +02:00
ramfb-standalone.c
Use DECLARE_*CHECKER* macros
2020-09-09 09:27:09 -04:00
ramfb.c
ramfb: fix size calculation
2020-05-18 15:43:51 +02:00
sii9022.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
sm501.c
hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()
2021-07-08 14:15:01 -05:00
ssd0303.c
Use OBJECT_DECLARE_SIMPLE_TYPE when possible
2020-09-18 14:12:32 -04:00
ssd0323.c
hw/ssi: Rename SSI 'slave' as 'peripheral'
2020-12-10 12:15:03 -05:00
tc6393xb.c
hw/display/tc6393xb: Inline tc6393xb_draw_graphic32() at its callsite
2021-03-06 13:30:38 +00:00
tcx.c
hw: Replace anti-social QOM type names
2021-03-19 15:18:43 +01:00
trace-events
macfb: add common monitor modes supported by the MacOS toolbox ROM
2021-10-08 13:31:03 +02:00
trace.h
trace: switch position of headers to what Meson requires
2020-08-21 06:18:24 -04:00
vga_int.h
vga: cleanup mapping of VRAM for non-PCI VGA
2019-12-18 02:34:13 +01:00
vga_regs.h
Clean up header guards that don't match their file name
2019-05-13 08:58:55 +02:00
vga-access.h
vga: move access helpers to separate include file
2019-09-19 10:37:46 +02:00
vga-helpers.h
vga: move access helpers to separate include file
2019-09-19 10:37:46 +02:00
vga-isa-mm.c
vga: cleanup mapping of VRAM for non-PCI VGA
2019-12-18 02:34:13 +01:00
vga-isa.c
Revert "vga: don't abort when adding a duplicate isa-vga device"
2021-12-06 11:57:36 +01:00
vga-pci.c
edid: add support for DisplayID extension (5k resolution)
2021-05-10 11:41:02 +02:00
vga.c
vga: Allow writing VBE_DISPI_ID5 to ID register
2021-06-15 07:11:03 +02:00
vhost-user-gpu-pci.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
vhost-user-gpu.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
vhost-user-vga.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-gpu-base.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-gpu-gl.c
hw/display: fix virgl reset regression
2021-07-22 15:46:54 +02:00
virtio-gpu-pci-gl.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-gpu-pci.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-gpu-udmabuf-stubs.c
virtio-gpu: splitting one extended mode guest fb into n-scanouts
2021-11-05 12:29:19 +01:00
virtio-gpu-udmabuf.c
virtio-gpu: splitting one extended mode guest fb into n-scanouts
2021-11-05 12:29:19 +01:00
virtio-gpu-virgl.c
hw/display: fix virgl reset regression
2021-07-22 15:46:54 +02:00
virtio-gpu.c
virtio-gpu: splitting one extended mode guest fb into n-scanouts
2021-11-05 12:29:19 +01:00
virtio-vga-gl.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-vga.c
modules: add virtio-gpu module annotations
2021-07-09 18:20:27 +02:00
virtio-vga.h
qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros
2020-09-18 14:12:32 -04:00
vmware_vga.c
ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
2023-07-31 19:20:26 +02:00
xenfb.c
Include hw/hw.h exactly where needed
2019-08-16 13:31:52 +02:00
xlnx_dp.c
hw/display/xlnx_dp: fix an out-of-bounds read in xlnx_dp_read
2021-08-31 14:34:36 +02:00