qemu/display at 6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 - qemu - Gitea: Git with a cup of tea

mii/qemu

mirror of https://github.com/mii443/qemu.git synced 2025-12-03 11:08:25 +00:00

Files

History

Philippe Mathieu-Daudé 6dbbf05514 hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)

Have qxl_get_check_slot_offset() return false if the requested
buffer size does not fit within the slot memory region.

Similarly qxl_phys2virt() now returns NULL in such case, and
qxl_dirty_one_surface() aborts.

This avoids buffer overrun in the host pointer returned by
memory_region_get_ram_ptr().

Fixes: CVE-2022-4144 (out-of-bounds read)
Reported-by: Wenxu Yin (@awxylitol)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20221128202741.4945-5-philmd@linaro.org>

2022-11-29 18:15:26 -05:00

..

acpi-vga-stub.c

acpi: pc: vga: use AcpiDevAmlIf interface to build VGA device descriptors

2022-11-07 14:00:29 -05:00

acpi-vga.c

acpi: pc: vga: use AcpiDevAmlIf interface to build VGA device descriptors

2022-11-07 14:00:29 -05:00

artist.c

artist: set memory region owners for buffers to the artist device

2022-06-26 18:40:28 +01:00

ati_2d.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

ati_dbg.c

ati-vga: Add dummy MEM_SDRAM_MODE_REG

2020-06-30 22:54:24 +02:00

ati_int.h

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

ati_regs.h

ati-vga: Add dummy MEM_SDRAM_MODE_REG

2020-06-30 22:54:24 +02:00

ati.c

hw/display: Allow vga_common_init() to return errors

2022-03-18 10:15:57 +01:00

bcm2835_fb.c

hw/display/bcm2835_fb: Fix framebuffer allocation address

2022-07-26 14:09:44 +01:00

blizzard.c

hw/display: fix tab indentation

2022-11-08 10:23:32 +01:00

bochs-display.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

cg3.c

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

cirrus_vga_internal.h

hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file

2018-10-15 09:57:33 +02:00

cirrus_vga_isa.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

cirrus_vga_rop2.h

cirrus: fix PUTPIXEL macro

2017-03-27 12:14:45 +02:00

cirrus_vga_rop.h

cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16

2017-03-17 10:23:44 +01:00

cirrus_vga.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

dpcd.c

hw/display/dpcd: Convert debug printf()s to trace events

2020-05-28 11:38:57 +02:00

edid-generate.c

edid: Fix clock of Detailed Timing Descriptor

2022-03-04 11:31:46 +01:00

edid-region.c

Include exec/memory.h slightly less

2019-08-16 13:31:52 +02:00

exynos4210_fimd.c

hw/display/exynos4210_fimd: Fix potential NULL pointer dereference

2020-11-02 16:52:17 +00:00

framebuffer.c

Include hw/hw.h exactly where needed

2019-08-16 13:31:52 +02:00

framebuffer.h

…

g364fb.c

g364fb: add VMStateDescription for G364SysBusState

2021-07-02 17:35:08 +02:00

i2c-ddc.c

Mark remaining global TypeInfo instances as const

2022-02-21 13:30:20 +00:00

jazz_led.c

Use OBJECT_DECLARE_SIMPLE_TYPE when possible

2020-09-18 14:12:32 -04:00

Kconfig

hw/display: Rename VGA_ISA_MM -> VGA_MMIO

2022-01-13 10:58:54 +01:00

macfb.c

macfb: set initial value of mode control registers in macfb_common_realize()

2022-03-09 09:29:10 +00:00

meson.build

acpi: pc: vga: use AcpiDevAmlIf interface to build VGA device descriptors

2022-11-07 14:00:29 -05:00

next-fb.c

Do not include hw/boards.h if it's not really necessary

2021-05-02 17:24:51 +02:00

omap_dss.c

hw/display: fix tab indentation

2022-11-08 10:23:32 +01:00

omap_lcdc.c

hw/display/omap_lcdc: Delete unnecessary macro

2021-03-06 13:30:38 +00:00

pl110_template.h

Replace config-time define HOST_WORDS_BIGENDIAN

2022-04-06 10:50:37 +02:00

pl110.c

hw/display/pl110: Remove use of BITS from pl110_template.h

2021-03-14 13:14:55 +00:00

pxa2xx_lcd.c

hw/display: fix tab indentation

2022-11-08 10:23:32 +01:00

qxl-logger.c

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2022-11-29 18:15:26 -05:00

qxl-render.c

hw/display/qxl: Pass requested buffer size to qxl_phys2virt()

2022-11-29 18:15:26 -05:00

qxl.c

hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)

2022-11-29 18:15:26 -05:00

qxl.h

hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144)

2022-11-29 18:15:26 -05:00

ramfb-standalone.c

Use DECLARE_*CHECKER* macros

2020-09-09 09:27:09 -04:00

ramfb.c

ramfb: fix size calculation

2020-05-18 15:43:51 +02:00

sii9022.c

hw/i2c: add asynchronous send

2022-06-30 09:21:14 +02:00

sm501.c

hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()

2021-07-08 14:15:01 -05:00

ssd0303.c

hw/i2c: add asynchronous send

2022-06-30 09:21:14 +02:00

ssd0323.c

hw/ssi: Rename SSI 'slave' as 'peripheral'

2020-12-10 12:15:03 -05:00

tc6393xb.c

Use g_new() & friends where that makes obvious sense

2022-03-21 15:44:44 +01:00

tcx.c

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

trace-events

hw/display/vmware_vga: do not discard screen updates

2022-04-22 11:47:08 +02:00

trace.h

trace: switch position of headers to what Meson requires

2020-08-21 06:18:24 -04:00

vga_int.h

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

vga_regs.h

hw/display: fix tab indentation

2022-11-08 10:23:32 +01:00

vga-access.h

vga: move access helpers to separate include file

2019-09-19 10:37:46 +02:00

vga-helpers.h

vga: move access helpers to separate include file

2019-09-19 10:37:46 +02:00

vga-isa.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

vga-mmio.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

vga-pci.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

vga.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

vhost-user-gpu-pci.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

vhost-user-gpu.c

vhost-user: Call qemu_socketpair() instead of socketpair()

2022-09-29 14:38:05 +04:00

vhost-user-vga.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

virtio-gpu-base.c

virtio-gpu: Respect UI refresh rate for EDID

2022-06-14 10:34:37 +02:00

virtio-gpu-gl.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

virtio-gpu-pci-gl.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

virtio-gpu-pci.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

virtio-gpu-udmabuf-stubs.c

virtio-gpu: splitting one extended mode guest fb into n-scanouts

2021-11-05 12:29:19 +01:00

virtio-gpu-udmabuf.c

Remove qemu-common.h include from most units

2022-04-06 14:31:55 +02:00

virtio-gpu-virgl.c

virtio-gpu: use VIRTIO_GPU_RESOURCE_FLAG_Y_0_TOP

2021-12-21 10:50:21 +04:00

virtio-gpu.c

virtio-gpu: update scanout if there is any area covered by the rect

2022-09-27 07:32:31 +02:00

virtio-vga-gl.c

modules: introduces module_kconfig directive

2022-06-06 09:26:53 +02:00

virtio-vga.c

ui/console: Do not return a value with ui_info

2022-06-14 10:34:37 +02:00

virtio-vga.h

qom: Remove module_obj_name parameter from OBJECT_DECLARE* macros

2020-09-18 14:12:32 -04:00

vmware_vga.c

display: include dependencies explicitly

2022-11-10 10:17:18 -05:00

xenfb.c

hw/display: fix tab indentation

2022-11-08 10:23:32 +01:00

xlnx_dp.c

xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command

2022-08-08 11:40:06 +02:00