mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
qemu/hw
History
Paolo Bonzini d2ba7ecb34 cirrus_vga: fix off-by-one in blit_region_is_unsafe 
The "max" value is being compared with >=, but addr + width points to
the first byte that will _not_ be copied.  Laszlo suggested using a
"greater than" comparison, instead of subtracting one like it is
already done above for the height, so that max remains always positive.

The mistake is "safe"---it will reject some blits, but will never cause
out-of-bounds writes.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Message-id: 1455121059-18280-1-git-send-email-pbonzini@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2016-03-01 07:51:32 +01:00
..
9pfs
all: Clean up includes
2016-02-23 12:43:05 +00:00
acpi
ich9: Remove enable_tco arguments from init functions
2016-02-25 13:14:19 +02:00
alpha
arm
raspi: fix SD card with recent sdhci changes
2016-02-26 15:09:42 +00:00
audio
all: Clean up includes
2016-02-23 12:43:05 +00:00
block
virtio-blk: do not use vring in dataplane
2016-02-25 13:14:18 +02:00
bt
char
core
migration: allow machine to enforce configuration section migration
2016-02-28 16:19:02 +11:00
cpu
cris
display
cirrus_vga: fix off-by-one in blit_region_is_unsafe
2016-03-01 07:51:32 +01:00
dma
etraxfs_dma: Dont forward zero-length payload to clients
2016-02-20 00:17:48 +01:00
gpio
ARM: PL061: Checking register r/w accesses to reserved area
2016-02-26 15:09:42 +00:00
i2c
i386
q35: No need to check gigabyte_align
2016-02-25 13:14:19 +02:00
ide
ahci: prohibit "restarting" the FIS or CLB engines
2016-02-10 13:29:40 -05:00
input
cuda: port SET_DEVICE_LIST command to new framework
2016-02-17 09:59:30 +11:00
intc
xics: report errors with the QEMU Error API
2016-02-28 16:19:02 +11:00
ipack
ipmi
ipmi: sensor number should not exceed MAX_SENSORS
2016-02-16 16:41:25 +01:00
isa
ich9: Remove enable_tco arguments from init functions
2016-02-25 13:14:19 +02:00
lm32
m68k
mem
move get_current_ram_size to virtio-balloon.c
2016-02-23 12:55:16 +02:00
microblaze
mips
misc
dbdma: warn when using unassigned channel
2016-02-28 16:19:02 +11:00
moxie
net
all: Clean up includes
2016-02-23 12:43:05 +00:00
nvram
fw_cfg: unbreak migration compatibility for 2.4 and earlier machines
2016-02-26 10:06:40 +01:00
openrisc
pci
pci core: function pci_bus_init() cleanup
2016-02-25 13:14:18 +02:00
pci-bridge
aer: impove pcie_aer_init to support vfio device
2016-02-19 09:42:28 -07:00
pci-host
vhost, virtio, pci, pxe
2016-02-19 10:50:37 +00:00
pcmcia
ppc
xics: report errors with the QEMU Error API
2016-02-28 16:19:02 +11:00
s390x
s390x: remove s390-zipl.rom
2016-02-11 15:15:47 +03:00
scsi
virtio-scsi: do not use vring in dataplane
2016-02-25 13:14:19 +02:00
sd
sdhci: add quirk property for card insert interrupt status on Raspberry Pi
2016-02-26 15:09:42 +00:00
sh4
smbios
sparc
sparc64
ssi
timer
tusb6010: move from hw/timer to hw/usb
2016-02-23 10:38:00 +01:00
tpm
tricore
unicore32
usb
usb-redirect: Avoid double free of data
2016-02-29 11:45:26 +01:00
vfio
all: Clean up includes
2016-02-23 12:43:05 +00:00
virtio
vring: remove
2016-02-25 13:14:19 +02:00
watchdog
xen
xen: drop XenXC and associated interface wrappers
2016-02-10 12:01:24 +00:00
xenpv
xtensa
Makefile.objs