qemu/hw/display
BALATON Zoltan ac2071c379 ati-vga: Fix checks in ati_2d_blt() to avoid crash
In some corner cases (that never happen during normal operation but a
malicious guest could program wrong values) pixman functions were
called with parameters that result in a crash. Fix this and add more
checks to disallow such cases.

Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-id: 20200406204029.19559747D5D@zero.eik.bme.hu
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-04-07 09:25:23 +02:00
..
ads7846.c migration: Define VMSTATE_INSTANCE_ID_ANY 2020-01-20 09:10:23 +01:00
artist.c hw/display/artist: Remove dead code (CID 1419388 & 1419389) 2020-02-18 11:21:47 -08:00
ati_2d.c ati-vga: Fix checks in ati_2d_blt() to avoid crash 2020-04-07 09:25:23 +02:00
ati_dbg.c ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati_int.h ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati_regs.h ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
bcm2835_fb.c hw/arm/bcm283x: Correct the license text 2020-03-23 17:22:30 +00:00
blizzard.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
bochs-display.c stdvga+bochs-display: add dummy mmio handler 2020-03-16 12:40:47 +01:00
cg3.c hw/display: Use memory_region_init_rom() with read-only regions 2020-03-17 15:18:46 +01:00
cirrus_vga_internal.h hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file 2018-10-15 09:57:33 +02:00
cirrus_vga_isa.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
dpcd.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
edid-generate.c Arithmetic error in EDID generation fixed 2020-03-02 08:20:30 +01:00
edid-region.c Include exec/memory.h slightly less 2019-08-16 13:31:52 +02:00
exynos4210_fimd.c display/exynos4210_fimd: Remove redundant statement in exynos4210_fimd_update() 2020-03-09 15:59:31 +01:00
framebuffer.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
framebuffer.h
g364fb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
i2c-ddc.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
jazz_led.c mips: jazz: Renovate coding style 2019-12-16 13:04:46 +01:00
Kconfig hppa: Add emulation of Artist graphics 2020-01-27 10:49:51 -08:00
macfb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
Makefile.objs hw/*/Makefile.objs: Move many .o files to common-objs 2020-02-04 09:00:57 +01:00
milkymist-tmu2.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
milkymist-vgafb_template.h
milkymist-vgafb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
next-fb.c m68k: Add NeXTcube framebuffer device emulation 2019-09-07 08:30:34 +02:00
omap_dss.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
omap_lcd_template.h
omap_lcdc.c Remove unnecessary cast when using the cpu_[physical]_memory API 2020-02-20 14:47:08 +01:00
pl110_template.h
pl110.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
pxa2xx_lcd.c display/pxa2xx_lcd: Remove redundant statement in pxa2xx_palette_parse() 2020-03-09 15:59:31 +01:00
pxa2xx_template.h
qxl-logger.c
qxl-render.c console: add graphic_hw_update_done() 2020-01-02 13:54:57 +04:00
qxl.c qxl: map rom r/o 2020-03-02 08:24:36 +01:00
qxl.h qxl: introduce hardware revision 5 2020-02-13 08:31:40 +01:00
ramfb-standalone.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
ramfb.c Let cpu_[physical]_memory() calls pass a boolean 'is_write' argument 2020-02-20 14:47:08 +01:00
sii9022.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
sm501_template.h
sm501.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
ssd0303.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ssd0323.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
tc6393xb_template.h
tc6393xb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
tcx.c hw/display: Use memory_region_init_rom() with read-only regions 2020-03-17 15:18:46 +01:00
trace-events hppa: Add emulation of Artist graphics 2020-01-27 10:49:51 -08:00
vga_int.h vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga_regs.h Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
vga-access.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-helpers.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-isa-mm.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga-isa.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
vga-pci.c stdvga+bochs-display: add dummy mmio handler 2020-03-16 12:40:47 +01:00
vga.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vhost-user-gpu-pci.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
vhost-user-gpu.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
vhost-user-vga.c hw/display: add vhost-user-vga & gpu-pci 2019-05-29 06:30:45 +02:00
virtio-gpu-3d.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
virtio-gpu-base.c virtio-gpu: split virtio-gpu, introduce virtio-gpu-base 2019-05-29 06:30:45 +02:00
virtio-gpu-pci.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-gpu.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-vga.h Clean up a header guard symbols (again) 2019-06-12 13:20:21 +02:00
vmware_vga.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
xenfb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
xlnx_dp.c display: xlnx_dp: Provide sufficient bytes for silent audio channel 2019-11-21 07:12:28 +01:00