[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vm
|
From: |
Don Koch |
|
Subject: |
Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect |
|
Date: |
Thu, 16 Oct 2014 10:25:42 -0400 |
On Wed, 15 Oct 2014 12:10:37 +0200
Gerd Hoffmann <address@hidden> wrote:
> Switch vmsvga_update_rect over to use vmsvga_verify_rect. Slight change
> in behavior: We don't try to automatically fixup rectangles any more.
> In case we find invalid update requests we'll do a full-screen update
> instead.
This is good since the original calculations were wrong. (I had already fixed
said calculations but hadn't cleaned them up for submittal, yet.) Unfortunate
that you end up using "the big hammer" to fix it (i.e., update the entire
screen),
but that's better than before.
Reviewed-by: Don Koch <address@hidden>
> Cc: address@hidden
> Signed-off-by: Gerd Hoffmann <address@hidden>
> ---
> hw/display/vmware_vga.c | 32 ++++----------------------------
> 1 file changed, 4 insertions(+), 28 deletions(-)
>
> diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
> index ba73a1c..9d79de6 100644
> --- a/hw/display/vmware_vga.c
> +++ b/hw/display/vmware_vga.c
> @@ -356,36 +356,12 @@ static inline void vmsvga_update_rect(struct
> vmsvga_state_s *s,
> uint8_t *src;
> uint8_t *dst;
>
> - if (x < 0) {
> - fprintf(stderr, "%s: update x was < 0 (%d)\n", __func__, x);
> - w += x;
> + if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
> + /* go for a fullscreen update as fallback */
> x = 0;
> - }
> - if (w < 0) {
> - fprintf(stderr, "%s: update w was < 0 (%d)\n", __func__, w);
> - w = 0;
> - }
> - if (x + w > surface_width(surface)) {
> - fprintf(stderr, "%s: update width too large x: %d, w: %d\n",
> - __func__, x, w);
> - x = MIN(x, surface_width(surface));
> - w = surface_width(surface) - x;
> - }
> -
> - if (y < 0) {
> - fprintf(stderr, "%s: update y was < 0 (%d)\n", __func__, y);
> - h += y;
> y = 0;
> - }
> - if (h < 0) {
> - fprintf(stderr, "%s: update h was < 0 (%d)\n", __func__, h);
> - h = 0;
> - }
> - if (y + h > surface_height(surface)) {
> - fprintf(stderr, "%s: update height too large y: %d, h: %d\n",
> - __func__, y, h);
> - y = MIN(y, surface_height(surface));
> - h = surface_height(surface) - y;
> + w = surface_width(surface);
> + h = surface_height(surface);
> }
>
> bypl = surface_stride(surface);
> --
> 1.8.3.1
>
>
- [Qemu-devel] [PATCH v2 0/5] vmware-vga: fix CVE-2014-3689, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH v2 3/5] vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect,
Don Koch <=
- [Qemu-devel] [PATCH v2 1/5] vmware-vga: CVE-2014-3689: turn off hw accel, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 2/5] vmware-vga: add vmsvga_verify_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH v2 5/5] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH] [sparse] fix build, Gerd Hoffmann, 2014/10/15