Re: [RFC PATCH-for-7.2 0/4] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()

2022-11-25 Thread Philippe Mathieu-Daudé
Philippe Mathieu-Daudé (4):
  hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler
  hw/display/qxl: Document qxl_phys2virt()
  hw/display/qxl: Pass qxl_phys2virt size
  hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()

 hw/display/qxl-logger.c | 22

Re: [RFC PATCH-for-7.2 0/4] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()

2022-11-25 Thread Mauro Matteo Cascella
On Fri, Nov 25, 2022 at 4:40 PM Philippe Mathieu-Daudé wrote:
>
> memory_region_get_ram_ptr() returns a host pointer for a
> MemoryRegion. Sometimes we do offset calculation using this
> pointer without checking the underlying MemoryRegion size.
>
> Wenxu Yin reported a buffer overrun in QXL.

[RFC PATCH-for-7.2 0/4] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt()

2022-11-25 Thread Philippe Mathieu-Daudé
memory_region_get_ram_ptr() returns a host pointer for a MemoryRegion. Sometimes we do offset calculation using this pointer without checking the underlying MemoryRegion size. Wenxu Yin reported a buffer overrun in QXL. This series aims to fix it. I haven't audited the other _get_ram_ptr() uses