[PATCH-for-8.0 v3 5/5] hw/display/qxl: Assert memory slot fits in preall
From: Philippe Mathieu-Daudé
Subject: [PATCH-for-8.0 v3 5/5] hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion
Date: Mon, 28 Nov 2022 21:27:41 +0100
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
---
hw/display/qxl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index 0b21626aad..6772849dec 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -1384,6 +1384,7 @@ static int qxl_add_memslot(PCIQXLDevice *d, uint32_t
slot_id, uint64_t delta,
qxl_set_guest_bug(d, "%s: pci_region = %d", __func__, pci_region);
return 1;
}
+ assert(guest_end - pci_start <= memory_region_size(mr));
virt_start = (intptr_t)memory_region_get_ram_ptr(mr);
memslot.slot_id = slot_id;
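Review bot: The new assert(guest_end - pci_start <= memory_region_size(mr)) in qxl_add_memslot() needs a stated reason why it can never fire, and neither the commit message (which has no body) nor a code comment gives one. The names guest_end and pci_start suggest the operands come from the guest-supplied slot description; if so, a failing assert lets the guest abort the whole QEMU process, whereas the branch directly above reports bad guest input with qxl_set_guest_bug() and return 1. Please either add a comment naming the earlier range check that establishes this bound (and note whether guest_end >= pci_start is already guaranteed, since the declarations are not visible in this hunk and an unsigned subtraction would wrap), or handle the violation through the same qxl_set_guest_bug() path instead of assert().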
--
2.38.1
- [RFC PATCH-for-7.2 v3 0/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt(), Philippe Mathieu-Daudé, 2022/11/28
- [PATCH-for-7.2 v3 1/5] hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler, Philippe Mathieu-Daudé, 2022/11/28
- [PATCH-for-7.2 v3 2/5] hw/display/qxl: Document qxl_phys2virt(), Philippe Mathieu-Daudé, 2022/11/28
- [RFC PATCH-for-7.2 v3 3/5] hw/display/qxl: Pass requested buffer size to qxl_phys2virt(), Philippe Mathieu-Daudé, 2022/11/28
- [PATCH-for-8.0 v3 5/5] hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion, Philippe Mathieu-Daudé <=
- [RFC PATCH-for-7.2 v3 4/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144), Philippe Mathieu-Daudé, 2022/11/28
- Re: [RFC PATCH-for-7.2 v3 0/5] hw/display/qxl: Avoid buffer overrun in qxl_phys2virt(), Stefan Hajnoczi, 2022/11/30