| Message ID | 1533815202-11967-10-git-send-email-liran.alon@oracle.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=nongnu.org (client-ip=2001:4830:134:3::11; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=<UNKNOWN>) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="VhJ0tNEn"; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41mRSf2XVfz9ryt for <incoming@patchwork.ozlabs.org>; Thu, 9 Aug 2018 21:52:18 +1000 (AEST) Received: from localhost ([::1]:50037 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>) id 1fnjUG-0008Py-1Y for incoming@patchwork.ozlabs.org; Thu, 09 Aug 2018 07:52:16 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56321) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <liran.alon@oracle.com>) id 1fnjPb-0004tm-Uj for qemu-devel@nongnu.org; Thu, 09 Aug 2018 07:47:30 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <liran.alon@oracle.com>) id 1fnjPZ-0007Cj-B0 for qemu-devel@nongnu.org; Thu, 09 Aug 2018 07:47:27 -0400 Received: from aserp2120.oracle.com ([141.146.126.78]:36856) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from <liran.alon@oracle.com>) id 1fnjPZ-0007CN-0I for qemu-devel@nongnu.org; Thu, 09 Aug 2018 07:47:25 -0400 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w79BiaXW178074; Thu, 9 Aug 2018 11:47:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references; s=corp-2018-07-02; bh=4o//vR9K5z9omKMhR2P+s7lUP9PQqo7koT6pHEdlb8U=; b=VhJ0tNEnOvW6cytPvA0xomM7ZTuMcGMlrwqmk5RIuGFgaSDY95mgyCwVrINAiuBnrfRa j2Y8dl65dEGPJd++QFE8wU9uxVH7j6dMHGvc3nFl40wbLPsh5d3a1JxFfHHbLQ3d40eU fk4q7ioKUPzTv40BJxQbZeOif+sUwPvhpUHmYEleOCQXnKpe5iTpEwv591TxzNUxWSFA z99GPYk0pqPmvVEwmpFwd7X7gxxv6zUDIUWm2TTPQrFGAsUz8wo6fhhNvy9xdw4wR8bk qqf+jldLIRt5Un2OFWd3W4NOMp4rMcAwwYiNV5UGFJIM4I4C1cF7DZweCyqoFm/j0ikk 2g== Received: from userv0022.oracle.com (userv0022.oracle.com [156.151.31.74]) by aserp2120.oracle.com with ESMTP id 2kn43p2uwm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 09 Aug 2018 11:47:23 +0000 Received: from userv0122.oracle.com (userv0122.oracle.com [156.151.31.75]) by userv0022.oracle.com (8.14.4/8.14.4) with ESMTP id w79BlNit006401 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 9 Aug 2018 11:47:23 GMT Received: from abhmp0014.oracle.com (abhmp0014.oracle.com [141.146.116.20]) by userv0122.oracle.com (8.14.4/8.14.4) with ESMTP id w79BlMHR032750; Thu, 9 Aug 2018 11:47:22 GMT Received: from liran-pc.ravello.local (/213.57.127.2) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Thu, 09 Aug 2018 04:47:22 -0700 From: Liran Alon <liran.alon@oracle.com> To: qemu-devel@nongnu.org Date: Thu, 9 Aug 2018 14:46:22 +0300 Message-Id: <1533815202-11967-10-git-send-email-liran.alon@oracle.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1533815202-11967-1-git-send-email-liran.alon@oracle.com> References: <1533815202-11967-1-git-send-email-liran.alon@oracle.com> X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8979 signatures=668707 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=894 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1808090123 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic] [fuzzy] X-Received-From: 141.146.126.78 Subject: [Qemu-devel] [PATCH 09/29] vmsvga: Account for length of command word when parsing commands X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: <qemu-devel.nongnu.org> List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>, <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe> List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/> List-Post: <mailto:qemu-devel@nongnu.org> List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help> List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>, <mailto:qemu-devel-request@nongnu.org?subject=subscribe> Cc: habkost@redhat.com, mtosatti@redhat.com, Liran Alon <liran.alon@oracle.com>, kraxel@redhat.com, pbonzini@redhat.com, rth@twiddle.net, Leonid Shatz <leonid.shatz@oracle.com> Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> |
| Series |
: vmsvga: Various fixes and enhancements
|
expand
|
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index 675c8755ab48..b32a625ae9c2 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -731,9 +731,17 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) * arguments so we can avoid FIFO desync */ case SVGA_CMD_RECT_ROP_FILL: /* deprecated */ + len -= 1; + if (len < 0) { + goto rewind; + } args = 6; goto badcmd; case SVGA_CMD_RECT_ROP_COPY: /* deprecated */ + len -= 1; + if (len < 0) { + goto rewind; + } args = 7; goto badcmd; case SVGA_CMD_DEFINE_ALPHA_CURSOR: @@ -761,6 +769,10 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) args = 12; goto badcmd; case SVGA_CMD_FENCE: + len -= 1; + if (len < 0) { + goto rewind; + } args = 1; goto badcmd;