qemu/hw/display
Prasad J Pandit d6c3768b32 hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS
The ctz32() routine could return a value greater than
TC6393XB_GPIOS=16, because the device has 24 GPIO level
bits but we only implement 16 outgoing lines. This could
lead to an OOB array access. Mask 'level' to avoid it.

Reported-by: Moguofang <moguofang@huawei.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20171212041539.25700-1-ppandit@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2017-12-13 17:59:26 +00:00
..
Makefile.objs add opengl_cflags to QEMU_CFLAGS 2017-03-21 10:25:01 +00:00
ads7846.c ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c hw/display/blizzard: Remove blizzard_template.h 2016-05-12 13:22:30 +01:00
cg3.c hw: Use new memory_region_init_{ram, rom, rom_device}() functions 2017-07-14 17:59:42 +01:00
cirrus_vga.c cirrus: fix oob access in mode4and5 write functions 2017-10-17 09:59:00 +02:00
cirrus_vga_rop.h cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16 2017-03-17 10:23:44 +01:00
cirrus_vga_rop2.h cirrus: fix PUTPIXEL macro 2017-03-27 12:14:45 +02:00
dpcd.c aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows 2016-07-07 13:47:01 +01:00
exynos4210_fimd.c exynos: make display updates thread safe 2017-04-24 10:12:28 +02:00
framebuffer.c framebuffer: make display updates thread safe 2017-04-24 10:12:28 +02:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c g364fb: make display updates thread safe 2017-04-24 10:12:28 +02:00
jazz_led.c jazz_led: fix bad snprintf 2017-05-10 10:19:24 +03:00
milkymist-tmu2.c lm32: milkymist-tmu2: fix a third integer overflow 2017-02-28 09:03:39 +03:00
milkymist-vgafb.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
milkymist-vgafb_template.h milkymist-vgafb: swap pixel data in source buffer 2014-02-04 19:34:30 +01:00
omap_dss.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
pl110.c hw/display: QOM'ify pl110.c 2016-10-24 16:26:56 +01:00
pl110_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
pxa2xx_lcd.c arm: Clean up includes 2016-01-29 15:07:23 +00:00
pxa2xx_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c qxl: add support for chunked cursors. 2017-09-01 13:52:43 +02:00
qxl.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
qxl.h qxl: add xres and yres properties 2017-04-24 10:12:28 +02:00
sm501.c hw/display/sm501: Fix comment in sm501_sysbus_class_init() 2017-11-08 13:21:37 +11:00
sm501_template.h sm501: Misc clean ups 2017-04-24 12:32:12 +01:00
ssd0303.c i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
ssd0323.c vmstateify ssd0323 display 2016-09-22 18:13:08 +01:00
tc6393xb.c hw/display/tc6393xb: limit irq handler index to TC6393XB_GPIOS 2017-12-13 17:59:26 +00:00
tc6393xb_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
tcx.c memory: Rename memory_region_init_ram() to memory_region_init_ram_nomigrate() 2017-07-14 17:59:42 +01:00
trace-events hw/display/xenfb.c: Add trace_xenfb_key_event 2017-09-26 09:06:02 +03:00
vga-helpers.h vga: stop passing pointers to vga_draw_line* functions 2017-09-01 13:52:43 +02:00
vga-isa-mm.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-isa.c portio: keep references on portio 2016-09-08 18:05:21 +04:00
vga-pci.c pci: Add INTERFACE_CONVENTIONAL_PCI_DEVICE to Conventional PCI devices 2017-10-15 05:54:43 +03:00
vga.c vga: fix region checks in wraparound case 2017-11-10 11:26:55 +01:00
vga.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
vga_int.h vga: stop passing pointers to vga_draw_line* functions 2017-09-01 13:52:43 +02:00
virtio-gpu-3d.c virtio-gpu: move virtio_gpu_gl_block 2017-05-12 12:02:48 +02:00
virtio-gpu-pci.c virtio-gpu-pci: tag as not hotpluggable 2016-09-13 09:26:58 +02:00
virtio-gpu.c virtio-gpu: fix bug in host memory calculation. 2017-11-10 11:05:19 +01:00
virtio-vga.c virtio: rename the bar index field name in VirtIOPCIProxy 2016-10-08 11:25:29 +03:00
vmware_vga.c vmsvga: use ARRAY_SIZE macro 2017-11-10 14:25:56 +01:00
xenfb.c hw/display/xenfb.c: Add trace_xenfb_key_event 2017-09-26 09:06:02 +03:00
xlnx_dp.c qom: enforce readonly nature of link's check callback 2017-07-14 12:04:42 +02:00