Commit b3bbe959 authored by Peter Maydell's avatar Peter Maydell
Browse files

Merge remote-tracking branch 'remotes/kraxel/tags/vga-20180125-pull-request' into staging 



vga: fix for CVE-2018-5683

# gpg: Signature made Thu 25 Jan 2018 09:33:23 GMT
# gpg:                using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/vga-20180125-pull-request:
  vga: check the validation of memory addr when draw text

Signed-off-by: default avatarPeter Maydell <peter.maydell@linaro.org>
parents 0f79bfe3 191f59dc

hw/display/vga.c

+3 −0
Original line number Diff line number Diff line
@@ -1279,6 +1279,9 @@ static void vga_draw_text(VGACommonState *s, int full_update) 
        cx_min = width;

        cx_max = -1;

        for(cx = 0; cx < width; cx++) {

            if (src + sizeof(uint16_t) > s->vram_ptr + s->vram_size) {

                break;

            }

            ch_attr = *(uint16_t *)src;

            if (full_update || ch_attr != *ch_attr_ptr || src == cursor_ptr) {

                if (cx < cx_min)