On Mon, 2017-10-09 at 12:55 +0100, David Buchanan wrote:
> I might be mistaken, but I don't think this patch actually fixes
> CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
> against my initial reproducer, and QEMU still segfaults.

Hmm, no segfault here. Tried gtk, sdl, vnc, spice.
How do you start qemu? Which user interface?

> I think this is because the actual OOB read occurs inside pixman, which
> of course is not affected by this patch. Perhaps bounds checks need to
> be applied to the arguments passed into pixman?

Hmm, 24bpp modes are typically not handled by pixman (at least not in a
way that qemu creates a pixman image backed by vga memory).

Have you seen a stacktrace with pixman in there? Care to share it?

thanks,
  Gerd