OpenE2K/qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity
a501bfc917
qemu-e2k/hw/display
History
Helge Deller a501bfc917 hw/display/artist: Prevent out of VRAM buffer accesses 
Simplify various bounds checks by changing parameters like row and column
numbers to become unsigned instead of signed.
With that we can check if the calculated offset is bigger than the size of the
VRAM region and bail out if not.

Reported-by: LLVM libFuzzer
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1880326
Buglink: https://bugs.launchpad.net/qemu/+bug/1890310
Buglink: https://bugs.launchpad.net/qemu/+bug/1890311
Buglink: https://bugs.launchpad.net/qemu/+bug/1890312
Buglink: https://bugs.launchpad.net/qemu/+bug/1890370
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26 23:04:00 +02:00
..
ads7846.c Replace uses of FROM_SSI_SLAVE() macro with QOM casts 2020-07-03 16:59:46 +01:00
artist.c hw/display/artist: Prevent out of VRAM buffer accesses 2020-08-26 23:04:00 +02:00
ati_2d.c ati-vga: Fix checks in ati_2d_blt() to avoid crash 2020-04-07 09:25:23 +02:00
ati_dbg.c ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
ati_int.h ati-vga: Implement dummy VBlank IRQ 2019-08-22 10:04:20 +02:00
ati_regs.h ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
ati.c ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
bcm2835_fb.c qom: Don't handle impossible object_property_get_link() failure 2020-07-10 15:18:08 +02:00
blizzard.c display/blizzard: use extract16() for fix clang analyzer warning in blizzard_draw_line16_32() 2020-05-04 11:17:27 +02:00
bochs-display.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
cg3.c hw/display/cg3: Convert debug printf()s to trace events 2020-05-28 11:38:57 +02:00
cirrus_vga_internal.h hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file 2018-10-15 09:57:33 +02:00
cirrus_vga_isa.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
cirrus_vga_rop2.h cirrus: fix PUTPIXEL macro 2017-03-27 12:14:45 +02:00
cirrus_vga_rop.h cirrus: fix off-by-one in cirrus_bitblt_rop_bkwd_transp_*_16 2017-03-17 10:23:44 +01:00
cirrus_vga.c hw/display/cirrus_vga: Fix code mis-indentation 2020-06-05 09:17:23 +02:00
dpcd.c hw/display/dpcd: Convert debug printf()s to trace events 2020-05-28 11:38:57 +02:00
edid-generate.c Arithmetic error in EDID generation fixed 2020-03-02 08:20:30 +01:00
edid-region.c Include exec/memory.h slightly less 2019-08-16 13:31:52 +02:00
exynos4210_fimd.c hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR) 2020-05-28 11:38:57 +02:00
framebuffer.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
framebuffer.h framebuffer: set DIRTY_MEMORY_VGA on RAM that is used for the framebuffer 2015-07-24 13:57:45 +02:00
g364fb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
i2c-ddc.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
jazz_led.c mips: jazz: Renovate coding style 2019-12-16 13:04:46 +01:00
Kconfig hppa: Add emulation of Artist graphics 2020-01-27 10:49:51 -08:00
macfb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
Makefile.objs Revert "vga: build virtio-gpu as module" 2020-07-11 15:53:29 +01:00
milkymist-tmu2.c sysbus: Convert to sysbus_realize() etc. with Coccinelle 2020-06-15 22:05:28 +02:00
milkymist-vgafb_template.h milkymist-vgafb: swap pixel data in source buffer 2014-02-04 19:34:30 +01:00
milkymist-vgafb.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
next-fb.c hw/display: Include local 'framebuffer.h' 2020-05-18 15:40:04 +02:00
omap_dss.c hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP) 2020-05-28 11:38:57 +02:00
omap_lcd_template.h omap_lcdc: Remove support for DEPTH != 32 2016-05-12 13:22:24 +01:00
omap_lcdc.c Remove unnecessary cast when using the cpu_[physical]_memory API 2020-02-20 14:47:08 +01:00
pl110_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
pl110.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
pxa2xx_lcd.c hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask() 2020-05-28 11:38:57 +02:00
pxa2xx_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
qxl-logger.c hw/display: Clean up includes 2016-01-29 15:07:24 +00:00
qxl-render.c console: add graphic_hw_update_done() 2020-01-02 13:54:57 +04:00
qxl.c qxl: fix modular builds with dtrace 2020-07-21 10:56:47 +02:00
qxl.h qxl: introduce hardware revision 5 2020-02-13 08:31:40 +01:00
ramfb-standalone.c Revert "hw/display/ramfb: initialize fw-config space with xres/ yres" 2020-05-18 15:42:34 +02:00
ramfb.c ramfb: fix size calculation 2020-05-18 15:43:51 +02:00
sii9022.c hw/i2c: Rename i2c_create_slave() as i2c_slave_create_simple() 2020-07-16 12:30:54 -05:00
sm501_template.h sm501: Misc clean ups 2017-04-24 12:32:12 +01:00
sm501.c sm501: Fix and optimize overlap check 2020-06-30 22:50:04 +02:00
ssd0303.c Include migration/vmstate.h less 2019-08-16 13:31:52 +02:00
ssd0323.c Replace uses of FROM_SSI_SLAVE() macro with QOM casts 2020-07-03 16:59:46 +01:00
tc6393xb_template.h display: avoid multi-statement macro 2014-01-31 14:47:33 +00:00
tc6393xb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
tcx.c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
trace-events sm501: Convert debug printfs to traces 2020-06-30 22:46:28 +02:00
vga_int.h vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga_regs.h Clean up header guards that don't match their file name 2019-05-13 08:58:55 +02:00
vga-access.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-helpers.h vga: move access helpers to separate include file 2019-09-19 10:37:46 +02:00
vga-isa-mm.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vga-isa.c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
vga-pci.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vga.c vga: cleanup mapping of VRAM for non-PCI VGA 2019-12-18 02:34:13 +01:00
vhost-user-gpu-pci.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vhost-user-gpu.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vhost-user-vga.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
virtio-gpu-3d.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
virtio-gpu-base.c error: Avoid error_propagate() after migrate_add_blocker() 2020-07-10 15:18:08 +02:00
virtio-gpu-pci.c error: Eliminate error_propagate() with Coccinelle, part 1 2020-07-10 15:18:08 +02:00
virtio-gpu.c qdev: set properties with device_class_set_props() 2020-01-24 20:59:15 +01:00
virtio-vga.c error: Eliminate error_propagate() with Coccinelle, part 1 2020-07-10 15:18:08 +02:00
virtio-vga.h Clean up a header guard symbols (again) 2019-06-12 13:20:21 +02:00
vmware_vga.c hw/display/vmware_vga: Let the PCI device own its I/O MemoryRegion 2020-05-28 11:38:57 +02:00
xenfb.c Include hw/hw.h exactly where needed 2019-08-16 13:31:52 +02:00
xlnx_dp.c auxbus: Eliminate aux_create_slave() 2020-06-15 22:05:28 +02:00