On Tue, 28 Oct 2014 10:50:37 +0100 Gerd Hoffmann <kra...@redhat.com> wrote:
> Hi, > > vmware-vga emulation lacks sanity checks in the hardware acceleration > (blit + fill) functions. This patch series plugs the holes. > > v3 changes: > * throw badcmd errors in case the rectangles fail the sanity checks. > v2 changes: > * small whitespace fixup. > * do fullscreen update on invalid update requests. > > cheers, > Gerd > > Gerd Hoffmann (5): > vmware-vga: CVE-2014-3689: turn off hw accel > vmware-vga: add vmsvga_verify_rect > vmware-vga: use vmsvga_verify_rect in vmsvga_update_rect > vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect > vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect > > hw/display/vmware_vga.c | 116 > ++++++++++++++++++++++++++++++++---------------- > 1 file changed, 78 insertions(+), 38 deletions(-) > > -- > 1.8.3.1 > Whole series looks good to me, now. A bit of a big hammer, but much better than before. I had started working on fixing the clipping a month ago. I might still do that based on this update which is a better base than the original. Thanks, Gerd. -d
