qemu/hw/display
Prasad J Pandit abd7f08b23 display: virtio-gpu-3d: check virgl capabilities max_size
Virtio GPU device, while processing the 'VIRTIO_GPU_CMD_GET_CAPSET'
command, retrieves the maximum capabilities size to fill in the
response object. It continues to fill in capabilities even if the
retrieved 'max_size' is zero (0), thus resulting in OOB access.
Add check to avoid it.

Reported-by: Zhenhao Hong <zhenhaohong@gmail.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20161214070156.23368-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-12-20 14:18:39 +01:00
ads7846.c ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c hw/display/blizzard: Remove blizzard_template.h 2016-05-12 13:22:30 +01:00
cg3.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
cirrus_vga_rop2.h
cirrus_vga_rop.h cirrus: Fix host CPU blits 2014-07-11 10:17:02 +02:00
cirrus_vga.c display: cirrus: check vga bits per pixel(bpp) value 2016-12-05 11:01:55 +01:00
dpcd.c aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows 2016-07-07 13:47:01 +01:00
exynos4210_fimd.c hw/display: QOM'ify exynos4210_fimd.c 2016-05-12 13:22:27 +01:00
framebuffer.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
jazz_led.c hw/display: QOM'ify jazz_led.c 2016-05-13 09:33:38 +01:00
Makefile.objs introduce xlnx-dp 2016-06-14 16:01:03 +01:00
milkymist-tmu2.c lm32: milkymist-tmu2: fix integer overflow 2016-10-28 18:17:23 +03:00
milkymist-vgafb_template.h
milkymist-vgafb.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
omap_dss.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
pl110_template.h
pl110.c hw/display: QOM'ify pl110.c 2016-10-24 16:26:56 +01:00
pxa2xx_lcd.c arm: Clean up includes 2016-01-29 15:07:23 +00:00
pxa2xx_template.h
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl.c qxl: Only emit QXL_INTERRUPT_CLIENT_MONITORS_CONFIG on config changes 2016-12-05 09:37:52 +01:00
qxl.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
sm501_template.h hw: use ld_p/st_p instead of ld_raw/st_raw 2014-06-05 16:04:17 +02:00
sm501.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
ssd0303.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
ssd0323.c vmstateify ssd0323 display 2016-09-22 18:13:08 +01:00
tc6393xb_template.h
tc6393xb.c qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00
tcx.c hw: explicitly include qemu-common.h and cpu.h 2016-03-22 22:20:17 +01:00
trace-events trace-events: fix first line comment in trace-events 2016-08-12 10:36:01 +01:00
vga_int.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
vga-helpers.h vga: Rename vga_template.h to vga-helpers.h 2014-09-30 13:34:09 +02:00
vga-isa-mm.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga-isa.c portio: keep references on portio 2016-09-08 18:05:21 +04:00
vga-pci.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
vga.c coccinelle: Remove unnecessary variables for function return value 2016-06-20 16:38:13 +02:00
vga.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
virtio-gpu-3d.c display: virtio-gpu-3d: check virgl capabilities max_size 2016-12-20 14:18:39 +01:00
virtio-gpu-pci.c virtio-gpu-pci: tag as not hotpluggable 2016-09-13 09:26:58 +02:00
virtio-gpu.c virtio-gpu: fix memory leak in update_cursor_data_virgl 2016-12-05 09:37:52 +01:00
virtio-vga.c virtio: rename the bar index field name in VirtIOPCIProxy 2016-10-08 11:25:29 +03:00
vmware_vga.c vmsvga: correct bitmap and pixmap size checks 2016-09-13 09:24:35 +02:00
xenfb.c xen: Rename xen_be_find_xendev 2016-10-28 17:54:39 -07:00
xlnx_dp.c xlnx_dp: fix iffy xlnx_dp_aux_push_tx_fifo 2016-07-07 13:47:00 +01:00