[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689 |
Date: |
Thu, 16 Oct 2014 12:54:21 +0200 |
On Mi, 2014-10-15 at 17:43 +0200, Michael Tokarev wrote:
> On 15.10.2014 12:10, Gerd Hoffmann wrote:
> > Hi,
> >
> > vmware-vga emulation lacks sanity checks in the hardware acceleration
> > (blit + fill) functions. This patch series plugs the holes.
> >
> > v2 changes:
> > * small whitespace fixup.
> > * do fullscreen update on invalid update requests.
> >
> > cheers,
> > Gerd
> >
> > Gerd Hoffmann (5):
> > vmware-vga: CVE-2014-3689: turn off hw accel
> > vmware-vga: add vmsvga_verify_rect
> > vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
> > vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
> > vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
>
> A small question. Why do you first disable the hw accel for rect&fill
> and re-enable them in subsequent patches, as if applying the real
> fix patches takes very long time and during that time we need the
> hole to be fixed?
That was just the order the patches where created. There isn't a real
need for patch #1, but it didn't look important enough to me to bother
fixing it up after the series was complete.
cheers,
Gerd
- [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 2/5] vmware-vga: add vmsvga_verify_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Michael Tokarev, 2014/10/15
- Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689,
Gerd Hoffmann <=