qemu/hw
Gerd Hoffmann 7cdc61becd vga: fix region calculation
Typically the scanline length and the line offset are identical.  But
in case they are not our calculation for region_end is incorrect.  Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.

Fixes: CVE-2018-7550
Reported-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Tested-by: Ross Lagerwall <ross.lagerwall@citrix.com>
Message-id: 20180309143704.13420-1-kraxel@redhat.com
2018-03-12 11:45:21 +01:00
..
9pfs 9p: fix leak in synth_name_to_path() 2018-02-19 18:27:32 +01:00
acpi qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
adc Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
alpha Merge remote-tracking branch 'origin/master' into HEAD 2018-01-11 22:03:50 +02:00
arm mps2-an505: New board model: MPS2 with AN505 Cortex-M33 FPGA image 2018-03-02 11:03:45 +00:00
audio hw/audio/sb16.c: change dolog() to qemu_log_mask() 2018-02-02 08:19:47 +01:00
block virtio-blk: fix race between .ioeventfd_stop() and vq handler 2018-03-08 17:38:51 +00:00
bt hw/bt: Replace fprintf(stderr, "*\n" with error_report() 2018-01-22 09:51:00 +01:00
char s390x/sclp: clean up sclp masks 2018-03-08 15:49:23 +01:00
core Add symbol table callback interface to load_elf 2018-03-07 08:30:28 +13:00
cpu hw: use "qemu/osdep.h" as first #include in source files 2017-12-18 17:07:02 +03:00
cris cris: use generic cpu_model parsing 2017-10-27 16:03:54 +02:00
display vga: fix region calculation 2018-03-12 11:45:21 +01:00
dma hw/dma: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:09 +01:00
gpio Replace all occurances of __FUNCTION__ with __func__ 2018-01-22 09:46:18 +01:00
hppa hw/hppa: Use qemu_log_mask instead of fprintf to stderr 2018-02-04 14:11:03 -08:00
i2c hw/i2c-ddc: Do not fail writes 2018-03-01 11:05:45 +00:00
i386 multiboot: fprintf(stderr...) -> error_report() 2018-03-07 11:53:37 +01:00
ide Revert "IDE: Do not flush empty CDROM drives" 2018-03-02 18:39:07 +01:00
input adb: add trace-events for monitoring keyboard/mouse during bus enumeration 2018-03-06 13:16:29 +11:00
intc openpic_kvm: drop address_space_to_flatview call 2018-03-06 14:01:27 +01:00
ipack pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
ipmi qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
isa lpc: drop pcie host dependency 2018-02-13 18:25:48 +02:00
lm32 hw/lm32: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
m68k m68k: mcf5208: use generic cpu_model parsing 2017-10-27 16:03:54 +02:00
mem Include less of the generated modular QAPI headers 2018-03-02 13:45:50 -06:00
microblaze xlnx-zynqmp-pmu: Connect the IPI device to the PMU 2018-01-26 11:09:09 +01:00
mips Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
misc misc: don't use hwaddr as a type in trace events 2018-03-06 14:24:30 +00:00
moxie hw/moxie: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
net -----BEGIN PGP SIGNATURE----- 2018-03-05 14:27:24 +00:00
nios2 Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
nvram Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
openrisc hw/openrisc: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:26 +01:00
pci qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
pci-bridge virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
pci-host virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
pcmcia
ppc PPC: e500: Fix duplicate kernel load and device tree overlap 2018-03-06 13:16:29 +11:00
rdma hw/rdma: Implementation of PVRDMA device 2018-02-19 13:03:24 +02:00
riscv RISC-V Build Infrastructure 2018-03-07 08:30:28 +13:00
s390x s390x/virtio: Convert virtio-ccw from *_exit to *_unrealize 2018-03-08 17:22:20 +01:00
scsi virtio-scsi: fix race between .ioeventfd_stop() and vq handler 2018-03-08 17:38:51 +00:00
sd sdcard: simplify SD_SEND_OP_COND (ACMD41) 2018-02-22 15:12:54 +00:00
sh4 pci: Rename root bus initialization functions for clarity 2017-12-05 19:13:45 +02:00
smbios Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
sparc hw/sparc/sun4m: Fix implicit creation of "-drive if=scsi" devices 2018-03-08 07:21:54 +00:00
sparc64 Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
ssi xilinx_spips: Use 8 dummy cycles with the QIOR/QIOR4 commands 2018-03-01 11:05:44 +00:00
timer qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
tpm Merge tpm 2018/03/07 2018-03-08 12:56:39 +00:00
tricore tricore: use generic cpu_model parsing 2017-10-27 16:04:27 +02:00
unicore32 hw/unicore32: restrict hw addr defines to source file 2017-12-18 17:07:02 +03:00
usb usb-mtp: Advertise SendObjectInfo for write support 2018-02-26 12:18:36 +01:00
vfio vfio-ccw: license text should indicate GPL v2 or later 2018-03-08 15:49:23 +01:00
virtio qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
watchdog qapi: Empty out qapi-schema.json 2018-03-02 13:45:50 -06:00
xen virtio,vhost,pci,pc: features, fixes and cleanups 2018-02-13 16:33:31 +00:00
xenpv hw/xen*: Replace fprintf(stderr, "*\n" with error_report() 2018-02-06 18:29:46 +01:00
xtensa Move include qemu/option.h from qemu-common.h to actual users 2018-02-09 13:52:16 +01:00
Makefile.objs hw/rdma: Add wrappers and macros 2018-02-19 13:03:24 +02:00