qemu-e2k/hw/display
Helge Deller a501bfc917 hw/display/artist: Prevent out of VRAM buffer accesses
Simplify various bounds checks by changing parameters like row and column
numbers to become unsigned instead of signed.
With that we can check if the calculated offset is bigger than the size of the
VRAM region and bail out if not.

Reported-by: LLVM libFuzzer
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1880326
Buglink: https://bugs.launchpad.net/qemu/+bug/1890310
Buglink: https://bugs.launchpad.net/qemu/+bug/1890311
Buglink: https://bugs.launchpad.net/qemu/+bug/1890312
Buglink: https://bugs.launchpad.net/qemu/+bug/1890370
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Helge Deller <deller@gmx.de>
2020-08-26 23:04:00 +02:00
ads7846.c Replace uses of FROM_SSI_SLAVE() macro with QOM casts 2020-07-03 16:59:46 +01:00
artist.c hw/display/artist: Prevent out of VRAM buffer accesses 2020-08-26 23:04:00 +02:00
ati_2d.c ati-vga: Fix checks in ati_2d_blt() to avoid crash 2020-04-07 09:25:23 +02:00
ati_dbg.c ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
ati_int.h
ati_regs.h ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
ati.c ati-vga: Add dummy MEM_SDRAM_MODE_REG 2020-06-30 22:54:24 +02:00
bcm2835_fb.c qom: Don't handle impossible object_property_get_link() failure 2020-07-10 15:18:08 +02:00
blizzard.c display/blizzard: use extract16() for fix clang analyzer warning in blizzard_draw_line16_32() 2020-05-04 11:17:27 +02:00
bochs-display.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
cg3.c hw/display/cg3: Convert debug printf()s to trace events 2020-05-28 11:38:57 +02:00
cirrus_vga_internal.h
cirrus_vga_isa.c
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c hw/display/cirrus_vga: Fix code mis-indentation 2020-06-05 09:17:23 +02:00
dpcd.c hw/display/dpcd: Convert debug printf()s to trace events 2020-05-28 11:38:57 +02:00
edid-generate.c
edid-region.c
exynos4210_fimd.c hw/display/exynos4210_fimd: Use qemu_log_mask(GUEST_ERROR) 2020-05-28 11:38:57 +02:00
framebuffer.c
framebuffer.h
g364fb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
i2c-ddc.c
jazz_led.c
Kconfig
macfb.c hw/display: Let devices own the MemoryRegion they create 2020-03-17 15:18:48 +01:00
Makefile.objs Revert "vga: build virtio-gpu as module" 2020-07-11 15:53:29 +01:00
milkymist-tmu2.c sysbus: Convert to sysbus_realize() etc. with Coccinelle 2020-06-15 22:05:28 +02:00
milkymist-vgafb_template.h
milkymist-vgafb.c
next-fb.c hw/display: Include local 'framebuffer.h' 2020-05-18 15:40:04 +02:00
omap_dss.c hw/display/omap_dss: Replace fprintf() call by qemu_log_mask(LOG_UNIMP) 2020-05-28 11:38:57 +02:00
omap_lcd_template.h
omap_lcdc.c
pl110_template.h
pl110.c
pxa2xx_lcd.c hw/display/pxa2xx_lcd: Replace printf() call by qemu_log_mask() 2020-05-28 11:38:57 +02:00
pxa2xx_template.h
qxl-logger.c
qxl-render.c
qxl.c qxl: fix modular builds with dtrace 2020-07-21 10:56:47 +02:00
qxl.h
ramfb-standalone.c Revert "hw/display/ramfb: initialize fw-config space with xres/ yres" 2020-05-18 15:42:34 +02:00
ramfb.c ramfb: fix size calculation 2020-05-18 15:43:51 +02:00
sii9022.c hw/i2c: Rename i2c_create_slave() as i2c_slave_create_simple() 2020-07-16 12:30:54 -05:00
sm501_template.h
sm501.c sm501: Fix and optimize overlap check 2020-06-30 22:50:04 +02:00
ssd0303.c
ssd0323.c Replace uses of FROM_SSI_SLAVE() macro with QOM casts 2020-07-03 16:59:46 +01:00
tc6393xb_template.h
tc6393xb.c
tcx.c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
trace-events sm501: Convert debug printfs to traces 2020-06-30 22:46:28 +02:00
vga_int.h
vga_regs.h
vga-access.h
vga-helpers.h
vga-isa-mm.c
vga-isa.c hw: Remove unnecessary DEVICE() cast 2020-05-15 07:08:52 +02:00
vga-pci.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vga.c
vhost-user-gpu-pci.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vhost-user-gpu.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
vhost-user-vga.c qom: Drop parameter @errp of object_property_add() & friends 2020-05-15 07:07:58 +02:00
virtio-gpu-3d.c
virtio-gpu-base.c error: Avoid error_propagate() after migrate_add_blocker() 2020-07-10 15:18:08 +02:00
virtio-gpu-pci.c error: Eliminate error_propagate() with Coccinelle, part 1 2020-07-10 15:18:08 +02:00
virtio-gpu.c
virtio-vga.c error: Eliminate error_propagate() with Coccinelle, part 1 2020-07-10 15:18:08 +02:00
virtio-vga.h
vmware_vga.c hw/display/vmware_vga: Let the PCI device own its I/O MemoryRegion 2020-05-28 11:38:57 +02:00
xenfb.c
xlnx_dp.c auxbus: Eliminate aux_create_slave() 2020-06-15 22:05:28 +02:00