qemu-e2k/hw/display
Gerd Hoffmann 92f2b88cea cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620)
CIRRUS_BLTMODE_MEMSYSSRC blits do NOT check blit destination
and blit width, at all.  Oops.  Fix it.

Security impact: high.

The missing blit destination check allows to write to host memory.
Basically same as CVE-2014-8106 for the other blit variants.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2017-02-24 14:35:50 +01:00
..
ads7846.c ssi: change ssi_slave_init to be a realize ops 2016-07-04 13:15:22 +01:00
bcm2835_fb.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
blizzard.c
cg3.c hw: explicitly include qemu/log.h 2016-05-19 16:42:29 +02:00
cirrus_vga_rop2.h
cirrus_vga_rop.h
cirrus_vga.c cirrus: add blit_is_unsafe call to cirrus_bitblt_cputovideo (CVE-2017-2620) 2017-02-24 14:35:50 +01:00
dpcd.c aux: Rename aux.[ch] to auxbus.[ch] for the benefit of Windows 2016-07-07 13:47:01 +01:00
exynos4210_fimd.c
framebuffer.c hw/display/framebuffer.c: Avoid overflow for framebuffers > 4GB 2017-01-24 23:26:53 +03:00
framebuffer.h
g364fb.c migration: consolidate VMStateField.start 2017-02-13 17:27:13 +00:00
jazz_led.c
Makefile.objs introduce xlnx-dp 2016-06-14 16:01:03 +01:00
milkymist-tmu2.c char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
milkymist-vgafb_template.h
milkymist-vgafb.c milkymist: update specification URLs 2016-06-20 18:12:04 +02:00
omap_dss.c
omap_lcd_template.h
omap_lcdc.c
pl110_template.h
pl110.c hw/display: QOM'ify pl110.c 2016-10-24 16:26:56 +01:00
pxa2xx_lcd.c
pxa2xx_template.h
qxl-logger.c
qxl-render.c
qxl.c qxl: switch to constants within BUILD_BUG_ON 2017-01-31 15:57:27 +02:00
qxl.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
sm501_template.h
sm501.c char: rename CharDriverState Chardev 2017-01-27 18:07:59 +01:00
ssd0303.c i2c: Allow I2C devices to NAK start events 2017-01-09 11:40:20 +00:00
ssd0323.c vmstateify ssd0323 display 2016-09-22 18:13:08 +01:00
tc6393xb_template.h
tc6393xb.c qemu-common: stop including qemu/host-utils.h from qemu-common.h 2016-05-19 16:42:28 +02:00
tcx.c
trace-events cirrus: replace debug printf with trace points 2017-02-10 16:49:45 +01:00
vga_int.h Clean up decorations and whitespace around header guards 2016-07-12 16:20:46 +02:00
vga-helpers.h
vga-isa-mm.c
vga-isa.c portio: keep references on portio 2016-09-08 18:05:21 +04:00
vga-pci.c
vga.c vga: replace debug printf with trace points 2017-02-10 16:49:45 +01:00
vga.h Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
virtio-gpu-3d.c virtio-gpu: fix resource leak in virgl_cmd_resource_unref 2017-02-10 16:49:45 +01:00
virtio-gpu-pci.c virtio-gpu-pci: tag as not hotpluggable 2016-09-13 09:26:58 +02:00
virtio-gpu.c virtio-gpu: fix memory leak in set scanout 2017-02-10 16:49:45 +01:00
virtio-vga.c virtio: rename the bar index field name in VirtIOPCIProxy 2016-10-08 11:25:29 +03:00
vmware_vga.c vmsvga: correct bitmap and pixmap size checks 2016-09-13 09:24:35 +02:00
xenfb.c xen: Rename xen_be_find_xendev 2016-10-28 17:54:39 -07:00
xlnx_dp.c hw: Fix typos found by codespell 2017-01-24 23:26:52 +03:00