aurel32
65d35a0997
CVE-2008-4539: fix a heap overflow in Cirrus emulation
...
The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.
(noticed by Jan Niehusmann)
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-01 00:53:39 +00:00
malc
cb5a7aa8c3
Optional "precise" VGA retrace support
...
Selected via: -vga <name>,retrace=precise
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5336 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-28 00:42:12 +00:00
balrog
38334f7630
Don't use ds->dpy_copy directly from hw/ (Jan Niehusmann).
...
I left a TODO in the code because this still doesn't definitely
fix all issues.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5308 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-24 02:21:24 +00:00
aurel32
d552947107
i386: fix isapc machine
...
- cirrus vga: enable graphic console
- pc: don't use apic for interrupts on ISA machine
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5026 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-19 12:55:20 +00:00
pbrook
c60e08d9c6
Implement resolution switching in common console code.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4812 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-01 16:24:38 +00:00
aurel32
ca896ef389
cirrusfb: proper "Attribute Controller Toggle Readback" register behaviour
...
(Marcelo Tosatti)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4386 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-08 12:21:27 +00:00
aurel32
b2eb849d4b
CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow
...
I have just noticed that patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.
| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-05 21:26:31 +00:00
balrog
4d3b6f6e12
Add an ncurses UI.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3976 c046a42c-6fe2-441c-8c8c-71466251a162
2008-02-10 16:33:14 +00:00
ths
bee8d6842d
qemu_put signedness fixes, by Andre Przywara.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3824 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-16 23:41:11 +00:00
pbrook
87ecb68bdf
Break up vl.h.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3674 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-17 17:14:51 +00:00
ths
3b46e62427
find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17 08:09:54 +00:00
ths
5fafdf24ef
find -type f | xargs sed -i 's/[\t ]$//g' # on most files
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
ths
96cf2df87c
Cirrus transparent BITBLT (w/o color expand), by Hitoshi Osada.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3101 c046a42c-6fe2-441c-8c8c-71466251a162
2007-07-31 23:26:00 +00:00
ths
e91c8a7783
Spelling fixes, by Stefan Weil.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2927 c046a42c-6fe2-441c-8c8c-71466251a162
2007-06-03 13:35:16 +00:00
ths
d34cab9f49
VMware SVGA II emulation, by Andrzej Zaborowski.
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2579 c046a42c-6fe2-441c-8c8c-71466251a162
2007-04-02 01:10:46 +00:00
bellard
83acc96b23
fixed VGA resolutions with height > 1024
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2121 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-18 09:32:04 +00:00
bellard
d2269f6f64
save VGA PCI state
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2113 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-17 10:44:00 +00:00
bellard
24236869fb
VNC server (Anthony Liguori)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1869 c046a42c-6fe2-441c-8c8c-71466251a162
2006-04-30 21:28:36 +00:00
bellard
ad81218e40
depth=24 write mask fix (Volker Ruppert)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1404 c046a42c-6fe2-441c-8c8c-71466251a162
2005-04-26 20:49:17 +00:00
bellard
e3a4e4b643
destination write mask support, fixed banked memory access, read-only access for bus type in SR 0x17 (Volker Ruppert)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1364 c046a42c-6fe2-441c-8c8c-71466251a162
2005-04-17 17:56:18 +00:00
bellard
0b74ed78ef
mode 4 and 5 write fix (Magnus Damn)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1241 c046a42c-6fe2-441c-8c8c-71466251a162
2005-01-26 19:50:16 +00:00
bellard
c9c0eae84e
bitblt fix (aka Solaris display fix)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1150 c046a42c-6fe2-441c-8c8c-71466251a162
2004-11-15 21:43:57 +00:00
bellard
9bb34eac8b
CRTC register write protection fix
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1126 c046a42c-6fe2-441c-8c8c-71466251a162
2004-11-07 22:54:14 +00:00
bellard
8926b517e9
faster Cirrus VGA VRAM access
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1114 c046a42c-6fe2-441c-8c8c-71466251a162
2004-10-10 15:14:20 +00:00
bellard
2c6ab8329e
load/save state support
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@992 c046a42c-6fe2-441c-8c8c-71466251a162
2004-07-10 13:41:46 +00:00
bellard
b30d4608da
24 bpp fixes
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@984 c046a42c-6fe2-441c-8c8c-71466251a162
2004-07-06 01:50:49 +00:00
bellard
ae184e4ab7
dac write index register is r/w - CR1D access fix (Volker Ruppert)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@978 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-26 16:13:19 +00:00
bellard
46e50e9d58
added PCI bus
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@961 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-21 19:43:00 +00:00
bellard
e69390cee7
pattern fill fixes and optimization
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@917 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-09 23:12:09 +00:00
bellard
78e127efdb
set memory size to 4MB for 5446 - fixed memory size probe (aka Win2000 bug) - fixed interlace support
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@914 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-08 00:58:26 +00:00
bellard
4c8732d71b
cirrus blitter fixes
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@907 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-07 19:46:45 +00:00
bellard
a5082316e9
hardware cursor support - fill with rop support - color expand and color expand with transparent support - various optimisations
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@902 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-06 15:16:19 +00:00
bellard
20ba3ae101
better to use different ID for ISA and PCI
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@901 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 18:50:58 +00:00
bellard
a21ae81d8a
change ID to CLGD5446 - added solidfill support - fixed hidden dac access
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@899 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 17:59:37 +00:00
bellard
aeb3c85f59
Cirrus fixes
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@898 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 14:26:11 +00:00
bellard
4e3e9d0b4d
avoid using anonymous struct extension (not supported by all gcc 3.x)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@896 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 13:18:45 +00:00
bellard
e36f36e15f
mmio support for vga registers - line offset fix - (aka XFree86 4.3.0 fixes)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@894 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 12:47:01 +00:00
bellard
e6e5ad80d8
Cirrus VGA emulation (initial patch by Suzu - heavily modified for easier merge)
...
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@891 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 10:31:55 +00:00