Branch: refs/heads/master
Home: https://github.com/qemu/qemu

Commit: 7cdc61becd095b64a786b2625f321624e7111f3d
    https://github.com/qemu/qemu/commit/7cdc61becd095b64a786b2625f321624e7111f3d
Author: Gerd Hoffmann <kra...@redhat.com>
Date: 2018-03-12 (Mon, 12 Mar 2018)

Changed paths:
  M hw/display/vga.c

Log Message:
-----------
vga: fix region calculation

Typically the scanline length and the line offset are identical. But
in case they are not our calculation for region_end is incorrect. Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.

Fixes: CVE-2018-7550
Reported-by: Ross Lagerwall <ross.lagerw...@citrix.com>
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
Reviewed-by: Prasad J Pandit <p...@fedoraproject.org>
Tested-by: Ross Lagerwall <ross.lagerw...@citrix.com>
Message-id: 20180309143704.13420-1-kra...@redhat.com


Commit: fb5fff15881ba7a002924b967eb211c002897983
    https://github.com/qemu/qemu/commit/fb5fff15881ba7a002924b967eb211c002897983
Author: Peter Maydell <peter.mayd...@linaro.org>
Date: 2018-03-12 (Mon, 12 Mar 2018)

Changed paths:
  M hw/display/vga.c

Log Message:
-----------
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180312-pull-request' into staging

7cdc61becd vga: fix region calculation

# gpg: Signature made Mon 12 Mar 2018 10:59:24 GMT
# gpg: using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kra...@redhat.com>"
# gpg: aka "Gerd Hoffmann <g...@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kra...@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180312-pull-request:
  vga: fix region calculation

Signed-off-by: Peter Maydell <peter.mayd...@linaro.org>


Compare: https://github.com/qemu/qemu/compare/6ceb1b51f05f...fb5fff15881b
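
The region calculation described in the first commit's log message, as an added C example (not QEMU's code and not part of this notification): it compares a stride-only end calculation with one that uses the real length for the last scanline, and checks both against a per-scanline walk. The struct, the function names and the sample geometry are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a framebuffer scan; field names are illustrative. */
struct scan {
    uint64_t start;        /* byte offset of the first scanline */
    uint64_t line_offset;  /* bytes from one scanline start to the next */
    uint64_t line_len;     /* bytes actually covered by one scanline */
    uint64_t height;       /* number of scanlines, must be >= 1 */
};

/* Stride-only form: assumes every scanline is exactly line_offset long. */
uint64_t region_end_stride_only(const struct scan *s)
{
    return s->start + s->line_offset * s->height;
}

/* Form from the log message: line_offset for every scanline except the
 * last, where the actual scanline length is used. */
uint64_t region_end_last_line_len(const struct scan *s)
{
    return s->start + s->line_offset * (s->height - 1) + s->line_len;
}

/* Reference: walk each scanline and keep the furthest end (exclusive). */
uint64_t region_end_walk(const struct scan *s)
{
    uint64_t end = s->start;
    for (uint64_t y = 0; y < s->height; y++) {
        uint64_t line_end = s->start + y * s->line_offset + s->line_len;
        if (line_end > end)
            end = line_end;
    }
    return end;
}

/* Bytes covered by scanlines but lying past the stride-only region end. */
uint64_t bytes_past_region(const struct scan *s)
{
    uint64_t real = region_end_walk(s), est = region_end_stride_only(s);
    return real > est ? real - est : 0;
}

int main(void)
{
    /* Constructed geometry: scanline length larger than line offset. */
    struct scan s = { 0, 1024, 4096, 768 };
    printf("stride-only=%llu last-line-len=%llu walk=%llu past=%llu\n",
           (unsigned long long)region_end_stride_only(&s),
           (unsigned long long)region_end_last_line_len(&s),
           (unsigned long long)region_end_walk(&s),
           (unsigned long long)bytes_past_region(&s));
    return 0;
}
```

When line_len equals line_offset the two calculations agree, which matches the "typically identical" case in the log message.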