Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vm

From:	Don Koch
Subject:	Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
Date:	Thu, 16 Oct 2014 10:29:18 -0400

On Wed, 15 Oct 2014 12:10:38 +0200
Gerd Hoffmann <address@hidden> wrote:

> Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
> 
> Cc: address@hidden
> Signed-off-by: Gerd Hoffmann <address@hidden>
> ---
>  hw/display/vmware_vga.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
> index 9d79de6..1fc9641 100644
> --- a/hw/display/vmware_vga.c
> +++ b/hw/display/vmware_vga.c
> @@ -29,8 +29,8 @@
>  #include "hw/pci/pci.h"
>  
>  #undef VERBOSE
> -#if 0
>  #define HW_RECT_ACCEL
> +#if 0
>  #define HW_FILL_ACCEL
>  #endif
>  #define HW_MOUSE_ACCEL
> @@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct 
> vmsvga_state_s *s,
>      int line = h;
>      uint8_t *ptr[2];
>  
> +    if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
> +        return;
> +    }
> +    if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
> +        return;
> +    }
> +

If I read this correctly, if either the source or destination are even partially
off-screen, the copy silently fails, which sounds wrong.

I'd suggest having this function return false if one of these checks fail so the
caller can do something appropriate (like "goto badcmd").

-d

>      if (y1 > y0) {
>          ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
>          ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
> -- 
> 1.8.3.1
> 
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect, Don Koch, 2014/10/16
- [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel, Don Koch, 2014/10/16
- [Qemu-devel] [PATCH v2 2/5] vmware-vga: add vmsvga_verify_rect, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 2/5] vmware-vga: add vmsvga_verify_rect, Don Koch, 2014/10/16
- [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect, Don Koch <=
- [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect, Don Koch, 2014/10/16
- [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15
  - Re: [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Michael Tokarev, 2014/10/15
  - Re: [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann, 2014/10/16

Prev by Date: Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect
Next by Date: Re: [Qemu-devel] [PATCH 1/6] target-mips: add Config5.SBRI
Previous by thread: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
Next by thread: [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
Index(es):
- Date
- Thread