qemu-e2k/ui
Mauro Matteo Cascella fa892e9abb ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)
Prevent potential integer overflow by limiting 'width' and 'height' to
512x512. Also change 'datasize' type to size_t. Refer to security
advisory https://starlabs.sg/advisories/22-4206/ for more information.

Fixes: CVE-2021-4206
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-07 12:30:54 +02:00
..
icons
keycodemapdb@d21009b1c9
shader
clipboard.c ui/clipboard: fix use-after-free regression 2022-03-04 11:29:34 +01:00
cocoa.m ui/cocoa: Respect left-command-key option 2022-03-29 00:41:50 +02:00
console-gl.c ui/console: fix texture leak when calling surface_gl_create_texture() 2022-03-04 11:28:37 +01:00
console.c ui/console: Check console before emitting GL event 2022-03-29 00:41:50 +02:00
curses_keys.h
curses.c meson.build: Support ncurses on MacOS and OpenBSD 2021-11-19 10:18:27 +01:00
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) 2022-04-07 12:30:54 +02:00
dbus-chardev.c ui/dbus: add chardev backend & interface 2021-12-21 10:50:22 +04:00
dbus-clipboard.c ui/dbus: add clipboard interface 2021-12-21 10:50:22 +04:00
dbus-console.c ui/dbus: associate the DBusDisplayConsole listener with the given console 2022-03-14 15:16:08 +04:00
dbus-display1.xml ui/dbus: add chardev backend & interface 2021-12-21 10:50:22 +04:00
dbus-error.c ui: add a D-Bus display backend 2021-12-21 10:50:22 +04:00
dbus-listener.c ui/dbus: do not send 2d scanout until gfx_update 2022-03-15 12:54:59 +04:00
dbus-module.c ui/dbus: add p2p=on/off option 2021-12-21 10:50:22 +04:00
dbus.c ui/dbus: fix texture sharing 2022-03-15 12:54:55 +04:00
dbus.h ui/dbus: associate the DBusDisplayConsole listener with the given console 2022-03-14 15:16:08 +04:00
egl-context.c ui: split the GL context in a different object 2021-12-21 10:50:21 +04:00
egl-headless.c ui/console: egl-headless is compatible with non-gl listeners 2022-03-14 15:16:05 +04:00
egl-helpers.c ui/gtk-egl: blitting partial guest fb to the proper scanout surface 2021-11-05 12:29:44 +01:00
gtk-clipboard.c ui: fix gtk clipboard clear assertion 2022-01-13 10:57:43 +01:00
gtk-egl.c ui: split the GL context in a different object 2021-12-21 10:50:21 +04:00
gtk-gl-area.c ui: split the GL context in a different object 2021-12-21 10:50:21 +04:00
gtk.c ui/gtk: Ignore 2- and 3-button press events 2022-03-18 09:27:33 +01:00
input-barrier.c
input-barrier.h
input-keymap.c
input-legacy.c ui/input-legacy: pass horizontal scroll information 2022-01-13 15:33:18 +01:00
input-linux.c
input.c
kbd-state.c
keymaps.c
keymaps.h
meson.build ui/dbus: add chardev backend & interface 2021-12-21 10:50:22 +04:00
qemu-pixman.c
qemu-x509.h
qemu.desktop
sdl2-2d.c
sdl2-gl.c ui: split the GL context in a different object 2021-12-21 10:50:21 +04:00
sdl2-input.c
sdl2.c ui/console: move dcl compatiblity check to a callback 2022-03-14 15:16:01 +04:00
shader.c ui/shader: free associated programs 2022-03-14 15:16:16 +04:00
spice-app.c
spice-core.c ui: move qemu_spice_fill_device_address to ui/util.c 2021-12-21 10:50:21 +04:00
spice-display.c ui/console: move dcl compatiblity check to a callback 2022-03-14 15:16:01 +04:00
spice-input.c
spice-module.c
trace-events ui/dbus: add clipboard interface 2021-12-21 10:50:22 +04:00
trace.h
udmabuf.c
util.c ui: move qemu_spice_fill_device_address to ui/util.c 2021-12-21 10:50:21 +04:00
vdagent.c ui/clipboard: add a clipboard reset serial event 2021-12-21 10:50:21 +04:00
vgafont.h
vnc_keysym.h
vnc-auth-sasl.c
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-clipboard.c ui/clipboard: add a clipboard reset serial event 2021-12-21 10:50:21 +04:00
vnc-enc-hextile-template.h
vnc-enc-hextile.c
vnc-enc-tight.c Use g_new() & friends where that makes obvious sense 2022-03-21 15:44:44 +01:00
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle.c
vnc-enc-zrle.c.inc
vnc-enc-zrle.h
vnc-enc-zywrle-template.c
vnc-enc-zywrle.h
vnc-jobs.c
vnc-jobs.h
vnc-palette.c
vnc-palette.h
vnc-stubs.c
vnc-ws.c
vnc-ws.h
vnc.c ui: avoid unnecessary memory operations in vnc_refresh_server_surface() 2022-03-18 09:30:01 +01:00
vnc.h
win32-kbd-hook.c
x_keymap.c
x_keymap.h