On 09/10/17 13:56, Gerd Hoffmann wrote:
> How do you start
> qemu? Which user interface?
Like this:
qemu-system-x86_64 -vga cirrus [disk image]
(which I assume is using the GTK interface)
I have attached the reproducer NASM source and disk image.
Note that the reproducer is using VBE.
> Have y
I might be mistaken, but I don't think this patch actually fixes
CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
against my initial reproducer, and QEMU still segfaults.
I think this is because the actual OOB read occurs inside pixman, which
of course is not affected by this
On Mon, 2017-10-09 at 12:55 +0100, David Buchanan wrote:
> I might be mistaken, but I don't think this patch actually fixes
> CVE-2017-13672. I tested the latest git repo (last commit 530049bc1d)
> against my initial reproducer, and QEMU still segfaults.
Hmm, no segfault here. Tried gtk, sdl, vnc
Instead pass around the address (aka offset into vga memory).
Add vga_read_* helper functions which apply vbe_size_mask to
the address, to make sure the address stays within the valid
range, similar to the cirrus blitter fixes (commits ffaf857778
and 026aeffcb4).
Impact: DoS for privileged guest
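The masking approach the commit message describes, written out as an added illustrative example in C (not QEMU's code; the 1 MiB buffer, the helper names and the draw-line consumer are assumptions). Because the consumer receives an offset and every access goes through a helper that applies vbe_size_mask, a guest-controlled start address or line offset that runs past the end of video memory wraps around instead of reading outside the buffer:

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed model: a power-of-two sized VRAM and a mask derived from it.
 * Assumption: 1 MiB; the mask trick requires a power-of-two size. */
#define VRAM_SIZE (1u << 20)

typedef struct {
    uint8_t *vram;
    uint32_t vbe_size_mask;   /* VRAM_SIZE - 1 */
} VGAState;

/* Every read takes an offset into VRAM and masks it, so the address can
 * never leave the valid range regardless of what the guest programmed. */
static inline uint8_t vga_read_byte(const VGAState *s, uint32_t addr)
{
    return s->vram[addr & s->vbe_size_mask];
}

static inline uint16_t vga_read_word_le(const VGAState *s, uint32_t addr)
{
    return (uint16_t)(vga_read_byte(s, addr) |
                      ((uint16_t)vga_read_byte(s, addr + 1) << 8));
}

static inline uint32_t vga_read_dword_le(const VGAState *s, uint32_t addr)
{
    return vga_read_word_le(s, addr) |
           ((uint32_t)vga_read_word_le(s, addr + 2) << 16);
}

/* Stand-in for a vga_draw_line* consumer: it is handed an offset, not a
 * pointer, and sums one line's bytes so the wrap-around can be checked. */
uint32_t vga_draw_line_sum(const VGAState *s, uint32_t addr, unsigned width)
{
    uint32_t sum = 0;
    for (unsigned x = 0; x < width; x++) {
        sum += vga_read_byte(s, addr + x);
    }
    return sum;
}

/* Constructed state whose VRAM holds byte i at offset i (mod 256). */
VGAState *vga_state_new(void)
{
    VGAState *s = malloc(sizeof(*s));
    s->vram = malloc(VRAM_SIZE);
    s->vbe_size_mask = VRAM_SIZE - 1;
    for (uint32_t i = 0; i < VRAM_SIZE; i++) {
        s->vram[i] = (uint8_t)i;
    }
    return s;
}
```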