Commit Graph

38 Commits

Author SHA1 Message Date
aurel32
65d35a0997 CVE-2008-4539: fix a heap overflow in Cirrus emulation
The code in hw/cirrus_vga.c changed a lot between the time CVE-2007-1320 was
announced and the time the patch was applied. As a consequence it was
wrongly applied and QEMU is still vulnerable to this bug if using VNC.

(noticed by Jan Niehusmann)

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
2008-11-01 00:53:39 +00:00
malc
cb5a7aa8c3 Optional "precise" VGA retrace support
Selected via: -vga <name>,retrace=precise

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5336 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-28 00:42:12 +00:00
balrog
38334f7630 Don't use ds->dpy_copy directly from hw/ (Jan Niehusmann).
I left a TODO in the code because this still doesn't definitely
fix all issues.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5308 c046a42c-6fe2-441c-8c8c-71466251a162
2008-09-24 02:21:24 +00:00
aurel32
d552947107 i386: fix isapc machine
- cirrus vga: enable graphic console
- pc: don't use apic for interrupts on ISA machine

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5026 c046a42c-6fe2-441c-8c8c-71466251a162
2008-08-19 12:55:20 +00:00
pbrook
c60e08d9c6 Implement resolution switching in common console code.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4812 c046a42c-6fe2-441c-8c8c-71466251a162
2008-07-01 16:24:38 +00:00
aurel32
ca896ef389 cirrusfb: proper "Attribute Controller Toggle Readback" register behaviour
(Marcelo Tosatti)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4386 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-08 12:21:27 +00:00
aurel32
b2eb849d4b CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow
I have just noticed that the patch for CVE-2007-1320 has never been applied
to the QEMU CVS. Please find it below.

| Multiple heap-based buffer overflows in the cirrus_invalidate_region
| function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
| possibly other products, might allow local users to execute arbitrary
| code via unspecified vectors related to "attempting to mark
| non-existent regions as dirty," aka the "bitblt" heap overflow.


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@4340 c046a42c-6fe2-441c-8c8c-71466251a162
2008-05-05 21:26:31 +00:00
balrog
4d3b6f6e12 Add an ncurses UI.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3976 c046a42c-6fe2-441c-8c8c-71466251a162
2008-02-10 16:33:14 +00:00
ths
bee8d6842d qemu_put signedness fixes, by Andre Przywara.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3824 c046a42c-6fe2-441c-8c8c-71466251a162
2007-12-16 23:41:11 +00:00
pbrook
87ecb68bdf Break up vl.h.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3674 c046a42c-6fe2-441c-8c8c-71466251a162
2007-11-17 17:14:51 +00:00
ths
3b46e62427 find -type f | xargs sed -i 's/[\t ]*$//g' # Yes, again. Note the star in the regex.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3177 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-17 08:09:54 +00:00
ths
5fafdf24ef find -type f | xargs sed -i 's/[\t ]$//g' # on most files
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3173 c046a42c-6fe2-441c-8c8c-71466251a162
2007-09-16 21:08:06 +00:00
ths
96cf2df87c Cirrus transparent BITBLT (w/o color expand), by Hitoshi Osada.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3101 c046a42c-6fe2-441c-8c8c-71466251a162
2007-07-31 23:26:00 +00:00
ths
e91c8a7783 Spelling fixes, by Stefan Weil.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2927 c046a42c-6fe2-441c-8c8c-71466251a162
2007-06-03 13:35:16 +00:00
ths
d34cab9f49 VMware SVGA II emulation, by Andrzej Zaborowski.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2579 c046a42c-6fe2-441c-8c8c-71466251a162
2007-04-02 01:10:46 +00:00
bellard
83acc96b23 fixed VGA resolutions with height > 1024
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2121 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-18 09:32:04 +00:00
bellard
d2269f6f64 save VGA PCI state
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@2113 c046a42c-6fe2-441c-8c8c-71466251a162
2006-08-17 10:44:00 +00:00
bellard
24236869fb VNC server (Anthony Liguori)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1869 c046a42c-6fe2-441c-8c8c-71466251a162
2006-04-30 21:28:36 +00:00
bellard
ad81218e40 depth=24 write mask fix (Volker Ruppert)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1404 c046a42c-6fe2-441c-8c8c-71466251a162
2005-04-26 20:49:17 +00:00
bellard
e3a4e4b643 destination write mask support, fixed banked memory access, read-only access for bus type in SR 0x17 (Volker Ruppert)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1364 c046a42c-6fe2-441c-8c8c-71466251a162
2005-04-17 17:56:18 +00:00
bellard
0b74ed78ef mode 4 and 5 write fix (Magnus Damn)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1241 c046a42c-6fe2-441c-8c8c-71466251a162
2005-01-26 19:50:16 +00:00
bellard
c9c0eae84e bitblt fix (aka Solaris display fix)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1150 c046a42c-6fe2-441c-8c8c-71466251a162
2004-11-15 21:43:57 +00:00
bellard
9bb34eac8b CRTC register write protection fix
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1126 c046a42c-6fe2-441c-8c8c-71466251a162
2004-11-07 22:54:14 +00:00
bellard
8926b517e9 faster Cirrus VGA VRAM access
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@1114 c046a42c-6fe2-441c-8c8c-71466251a162
2004-10-10 15:14:20 +00:00
bellard
2c6ab8329e load/save state support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@992 c046a42c-6fe2-441c-8c8c-71466251a162
2004-07-10 13:41:46 +00:00
bellard
b30d4608da 24 bpp fixes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@984 c046a42c-6fe2-441c-8c8c-71466251a162
2004-07-06 01:50:49 +00:00
bellard
ae184e4ab7 dac write index register is r/w - CR1D access fix (Volker Ruppert)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@978 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-26 16:13:19 +00:00
bellard
46e50e9d58 added PCI bus
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@961 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-21 19:43:00 +00:00
bellard
e69390cee7 pattern fill fixes and optimization
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@917 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-09 23:12:09 +00:00
bellard
78e127efdb set memory size to 4MB for 5446 - fixed memory size probe (aka Win2000 bug) - fixed interlace support
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@914 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-08 00:58:26 +00:00
bellard
4c8732d71b cirrus blitter fixes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@907 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-07 19:46:45 +00:00
bellard
a5082316e9 hardware cursor support - fill with rop support - color expand and color expand with transparent support - various optimisations
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@902 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-06 15:16:19 +00:00
bellard
20ba3ae101 better to use different ID for ISA and PCI
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@901 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 18:50:58 +00:00
bellard
a21ae81d8a change ID to CLGD5446 - added solidfill support - fixed hidden dac access
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@899 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 17:59:37 +00:00
bellard
aeb3c85f59 Cirrus fixes
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@898 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 14:26:11 +00:00
bellard
4e3e9d0b4d avoid using anonymous struct extension (not supported by all gcc 3.x)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@896 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 13:18:45 +00:00
bellard
e36f36e15f mmio support for vga registers - line offset fix - (aka XFree86 4.3.0 fixes)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@894 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 12:47:01 +00:00
bellard
e6e5ad80d8 Cirrus VGA emulation (initial patch by Suzu - heavily modified for easier merge)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@891 c046a42c-6fe2-441c-8c8c-71466251a162
2004-06-05 10:31:55 +00:00