Hi, vmware-vga emulation lacks sanity checks in the hardware acceleration (blit + fill) functions. This patch series plugs the holes.
v3 changes: * throw badcmd errors in case the rectangles fail the sanity checks. v2 changes: * small whitespace fixup. * do fullscreen update on invalid update requests. cheers, Gerd Gerd Hoffmann (5): vmware-vga: CVE-2014-3689: turn off hw accel vmware-vga: add vmsvga_verify_rect vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect hw/display/vmware_vga.c | 116 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 78 insertions(+), 38 deletions(-) -- 1.8.3.1
