Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
qemu.8405
0268-vmsvga-don-t-process-more-than-1024.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0268-vmsvga-don-t-process-more-than-1024.patch of Package qemu.8405
From e496693967d7fd892f1bc2444b26591c2dd3aad7 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann <kraxel@redhat.com> Date: Mon, 30 May 2016 09:09:21 +0200 Subject: [PATCH] vmsvga: don't process more than 1024 fifo commands at once MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit vmsvga_fifo_run is called in regular intervals (on each display update) and will resume where it left off. So we can simply exit the loop, without having to worry about how processing will continue. Fixes: CVE-2016-4453 Cc: qemu-stable@nongnu.org Cc: P J P <ppandit@redhat.com> Reported-by: 李强 <liqiang6-s@360.cn> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Message-id: 1464592161-18348-5-git-send-email-kraxel@redhat.com (cherry picked from commit 4e68a0ee17dad7b8d870df0081d4ab2e079016c2) [BR: CVE-2016-4453 BSC#982223] Signed-off-by: Bruce Rogers <brogers@suse.com> --- hw/display/vmware_vga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index 7696cb4b41..4b955f5124 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -594,13 +594,13 @@ static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) static void vmsvga_fifo_run(struct vmsvga_state_s *s) { uint32_t cmd, colour; - int args, len; + int args, len, maxloop = 1024; int x, y, dx, dy, width, height; struct vmsvga_cursor_definition_s cursor; uint32_t cmd_start; len = vmsvga_fifo_length(s); - while (len > 0) { + while (len > 0 && --maxloop > 0) { /* May need to go back to the start of the command if incomplete */ cmd_start = s->cmd->stop;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor