path: root/bsd-user/signal.c
author Gerd Hoffmann <kraxel@redhat.com> 2017-08-28 14:29:06 +0200
committer Gerd Hoffmann <kraxel@redhat.com> 2017-09-01 13:52:43 +0200
commit 3d90c6254863693a6b13d918d2b8682e08bbc681 (patch)
tree 41f305d2ad30ffad4ea463ca2c89f83e53eb2067 /bsd-user/signal.c
parent e65294157d4b69393b3f819c99f4f647452b48e3 (diff)
vga: stop passing pointers to vga_draw_line* functions

Instead pass around the address (aka offset into vga memory). Add vga_read_* helper functions which apply vbe_size_mask to the address, to make sure the address stays within the valid range, similar to the cirrus blitter fixes (commits ffaf857778 and 026aeffcb4).

Impact: DoS for privileged guest users. qemu crashes with a segfault, when hitting the guard page after vga memory allocation, while reading vga memory for display updates.

Fixes: CVE-2017-13672
Cc: P J P <ppandit@redhat.com>
Reported-by: David Buchanan <d@vidbuchanan.co.uk>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 20170828122906.18993-1-kraxel@redhat.com
Diffstat (limited to 'bsd-user/signal.c')
0 files changed, 0 insertions, 0 deletions
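
A simplified model of the masking the commit message describes, added here as an example: it is not QEMU's code, and the struct, the function names and the 16-byte sample buffer are assumptions. It presumes the memory size is a power of two, so that size minus one is a valid mask; the dword helper also aligns the offset, a detail the message does not state.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the device state; not QEMU's own structure. */
struct vram_model {
    uint8_t *vram;      /* backing buffer, size must be a power of two */
    uint32_t size_mask; /* size - 1, the role vbe_size_mask plays in the message */
};

/* Byte read by offset: the mask folds any guest-derived offset back into
 * the buffer, so the read can never land on the page after the allocation. */
static uint8_t model_read_byte(const struct vram_model *m, uint32_t addr)
{
    return m->vram[addr & m->size_mask];
}

/* 32-bit little-endian read. Masking alone is not enough here: an offset
 * pointing at the last byte would still pull three bytes from beyond the
 * buffer. Clearing the low two bits keeps all four bytes inside it. */
static uint32_t model_read_dword_le(const struct vram_model *m, uint32_t addr)
{
    uint32_t off = addr & m->size_mask & ~(uint32_t)3;
    const uint8_t *p = m->vram + off;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed sample: 16 bytes of "video memory" holding 0x00..0x0f. */
static uint8_t sample_vram[16] = {
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
};
static const struct vram_model sample = { sample_vram, sizeof(sample_vram) - 1 };

int main(void)
{
    /* Offsets far outside the buffer still resolve to valid bytes. */
    printf("byte  @0x10005    -> %u\n", (unsigned)model_read_byte(&sample, 0x10005));
    printf("byte  @0xffffffff -> %u\n", (unsigned)model_read_byte(&sample, 0xffffffffu));
    printf("dword @15         -> %08x\n", (unsigned)model_read_dword_le(&sample, 15));
    return 0;
}
```

Passing an offset instead of a pointer is what makes the check possible at the point of the read: a raw pointer carries no information about where the buffer ends.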