On 03/08/2018 07:31 AM, Gerd Hoffmann wrote:
Typically the scanline length and the line offset are identical. But
case they are not our calculation for region_end is incorrect. Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.
Fix
+-- On Thu, 8 Mar 2018, Gerd Hoffmann wrote --+
| Typically the scanline length and the line offset are identical.
| But case
But in case ...
| Cc: Ross Lagerwall
s/Cc:/Reported-by: Ross Lagerwall ...
| Signed-off-by: Gerd Hoffmann
| ---
| hw/display/vga.c | 2 ++
| 1 file changed, 2 insert
Typically the scanline length and the line offset are identical. But
case they are not our calculation for region_end is incorrect. Using
line_offset is fine for all scanlines, except the last one where we have
to use the actual scanline length.
Fixes: CVE-2018-
Cc: P J P
Cc: Ross Lagerwall
Si
