summaryrefslogtreecommitdiff
path: root/hw/display/ssd0323.c
AgeCommit message (Collapse)Author
2014-05-05ssd0323: fix buffer overun on invalid state loadMichael S. Tsirkin
CVE-2013-4538 s->cmd_len used as index in ssd0323_transfer() to store 32-bit field. Possible this field might then be supplied by guest to overwrite a return addr somewhere. Same for row/col fields, which are indicies into framebuffer array. To fix validate after load. Additionally, validate that the row/col_start/end are within bounds; otherwise the guest can provoke an overrun by either setting the _end field so large that the row++ increments just walk off the end of the array, or by setting the _start value to something bogus and then letting the "we hit end of row" logic reset row to row_start. For completeness, validate mode as well. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Juan Quintela <quintela@redhat.com>
2014-03-12ssi: Convert legacy SSI_SLAVE -> DEVICE castsPeter Crosthwaite
Convert legacy ->qdev style casts from TYPE_SSI_SLAVE to TYPE_DEVICE. Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com> [AF: Introduce local DeviceState variable for transition to QOM realize] Signed-off-by: Andreas Färber <afaerber@suse.de>
2014-03-05console: add head to index to qemu consoles.Gerd Hoffmann
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-25console: add device link to QemuConsolesGerd Hoffmann
So it is possible to figure which qemu console displays which device. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: add GraphicHwOpsGerd Hoffmann
Pass a single GraphicHwOps struct pointer to graphic_console_init, instead of a bunch of function pointers. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2013-04-16console: simplify screendumpGerd Hoffmann
Screendumps are alot simpler as we can update non-active QemuConsoles now. So we only need to update the QemuConsole we want write out, then dump the DisplaySurface content into a ppm file. Done. No console switching needed. No special support code in the gfx card emulation needed. Zap it all. Also move ppm_save out of the vga code and next to the qmp_screendump function. For now screen dumping is limited to console #0 (like it used to be), even though it is dead simple to extend it to other consoles. I wanna finish the console cleanup before setting new qapi interfaces into stone. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Igor Mitsyanko <i.mitsyanko@gmail.com>
2013-04-08hw: move target-independent files to subdirectoriesPaolo Bonzini
This patch tackles all files that are compiled once, moving them to subdirectories of hw/. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-15 22:48:43 +0000