[0/3] hw/display/artist: Fix out-of-buffer accesses found while fuzzing

Message ID	20200523191517.23684-1-f4bug@amsat.org
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <f4bug@amsat.org> To: Helge Deller <deller@gmx.de>, qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>, Sven Schnelle <svens@stackframe.org> Subject: [PATCH 0/3] hw/display/artist: Fix out-of-buffer accesses found while fuzzing Date: Sat, 23 May 2020 21:15:14 +0200 Message-Id: <20200523191517.23684-1-f4bug@amsat.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a00:1450:4864:20::441; envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-x441.google.com Precedence: list Cc: Alexander Bulekov <alxndr@bu.edu>, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <f4bug@amsat.org> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
Series	hw/display/artist: Fix out-of-buffer accesses found while fuzzing \| expand [0/3] hw/display/artist: Fix out-of-buffer accesses found while fuzzing [1/3] hw/display/artist: Check offset in draw_line to avoid buffer over-run [2/3] hw/display/artist: Refactor artist_rop8() to avoid buffer over-run [3/3] hw/display/artist: Check offset in block_move to avoid buffer over-read

Message ID

20200523191517.23684-1-f4bug@amsat.org

Headers

From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
To: Helge Deller <deller@gmx.de>, qemu-devel@nongnu.org,
 Richard Henderson <rth@twiddle.net>, Sven Schnelle <svens@stackframe.org>
Subject: [PATCH 0/3] hw/display/artist: Fix out-of-buffer accesses found while
 fuzzing
Date: Sat, 23 May 2020 21:15:14 +0200
Message-Id: <20200523191517.23684-1-f4bug@amsat.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2a00:1450:4864:20::441;
 envelope-from=philippe.mathieu.daude@gmail.com; helo=mail-wr1-x441.google.com
X-Spam_score_int: -17
X-Spam_score: -1.8
X-Spam_bar: -
X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001,
 FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001 autolearn=_AUTOLEARN
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: Alexander Bulekov <alxndr@bu.edu>,
 =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <f4bug@amsat.org>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>

Series

hw/display/artist: Fix out-of-buffer accesses found while fuzzing | expand

Message

Philippe Mathieu-Daudé May 23, 2020, 7:15 p.m. UTC

Fix various out-of-range buffer access in the artist device
emulation. Bugs found using libFuzzer (docs/devel/fuzzing.txt).

Philippe Mathieu-Daudé (3):
  hw/display/artist: Check offset in draw_line to avoid buffer over-run
  hw/display/artist: Refactor artist_rop8() to avoid buffer over-run
  hw/display/artist: Check offset in block_move to avoid buffer
    over-read

 hw/display/artist.c | 54 +++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 17 deletions(-)