[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PULL 4/4] cirrus: fix oob access issue (CVE-2017-2615)
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PULL 4/4] cirrus: fix oob access issue (CVE-2017-2615) |
Date: |
Thu, 02 Feb 2017 16:00:12 +0100 |
> > Signed-off-by: Li Qiang <address@hidden>
> > Reviewed-by: Laszlo Ersek <address@hidden>
> > Signed-off-by: Gerd Hoffmann <address@hidden>
> > Message-id: address@hidden
> > Message-id: address@hidden
> >
> > { kraxel: with backward blits (negative pitch) addr is the topmost
> > address, so check it as-is against vram size ]
> >
> > Cc: address@hidden
> > Cc: P J P <address@hidden>
> > Cc: Laszlo Ersek <address@hidden>
> > Cc: Paolo Bonzini <address@hidden>
> > Cc: Wolfgang Bumiller <address@hidden>
> > Fixes: d3532a0db02296e687711b8cdc7791924efccea0 (CVE-2014-8106)
> > Signed-off-by: Gerd Hoffmann <address@hidden>
> My inner pedant wishes to observe that my review concerned the patch as
> modified by you, so for complete accuracy, my R-b should be at the
> bottom, under your S-o-b.
>
> Not sure if this merits a PULLv2, I just needed to "silence to voices".
Oops. The message ids are kinda f*cked up too. Guess I shouldn't trust
the patches tool too much when it comes to non-trivial patch flows.
I'll respin the pull request.
cheers,
Gerd
- [Qemu-devel] [PULL 0/4] cirrus: multiple bugfixes, including CVE-2017-2615 fix., Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 4/4] cirrus: fix oob access issue (CVE-2017-2615), Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 1/4] cirrus: handle negative pitch in cirrus_invalidate_region(), Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 3/4] cirrus: fix blit address mask handling, Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 2/4] cirrus: allow zero source pitch in pattern fill rops, Gerd Hoffmann, 2017/02/02
- Re: [Qemu-devel] [PULL 0/4] cirrus: multiple bugfixes, including CVE-2017-2615 fix., Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 0/4] cirrus: multiple bugfixes, including CVE-2017-2615 fix., Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 4/4] cirrus: fix oob access issue (CVE-2017-2615), Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 1/4] cirrus: handle negative pitch in cirrus_invalidate_region(), Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 2/4] cirrus: allow zero source pitch in pattern fill rops, Gerd Hoffmann, 2017/02/02
- [Qemu-devel] [PULL 3/4] cirrus: fix blit address mask handling, Gerd Hoffmann, 2017/02/02
- Re: [Qemu-devel] [PULL 0/4] cirrus: multiple bugfixes, including CVE-2017-2615 fix., Peter Maydell, 2017/02/03