xemu/hw at b87a7355de04a2771c11824ea791802c052c979c - xemu - Gitea: Git with a cup of tea

xemu-project/xemu

mirror of https://github.com/xemu-project/xemu.git synced 2025-02-21 21:12:31 +00:00

History

Philippe Mathieu-Daudé b87a7355de hw/display/artist: Check offset in draw_line to avoid buffer over-run

Invalid I/O writes can craft an offset out of the vram_buffer range.

We avoid:

  Program terminated with signal SIGSEGV, Segmentation fault.
  284             *dst &= ~plane_mask;
  (gdb) bt
  #0  0x000055d5dccdc5c0 in artist_rop8 (s=0x55d5defee510, dst=0x7f8e84ed8216 <error: Cannot access memory at address 0x7f8e84ed8216>, val=0 '\000') at hw/display/artist.c:284
  #1  0x000055d5dccdcf83 in fill_window (s=0x55d5defee510, startx=22, starty=5674, width=65, height=5697) at hw/display/artist.c:551
  #2  0x000055d5dccddfb9 in artist_reg_write (opaque=0x55d5defee510, addr=1051140, val=4265537, size=4) at hw/display/artist.c:902
  #3  0x000055d5dcb42a7c in memory_region_write_accessor (mr=0x55d5defeea10, addr=1051140, value=0x7ffe57db08c8, size=4, shift=0, mask=4294967295, attrs=...) at memory.c:483

Reported-by: LLVM libFuzzer
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Helge Deller <deller@gmx.de>

2020-08-26 23:04:00 +02:00

..

virtio-9p: Use ERRP_GUARD()

2020-07-10 15:18:09 +02:00

ACPI: Assert that we don't run out of the preallocated memory

2020-07-27 16:12:10 +01:00

hw/adc/stm32f2xx_adc: Correct memory region size and access size

2020-06-05 17:23:09 +01:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

hw/arm/boot: Fix MTE for EL3 direct kernel boot

2020-07-27 16:12:10 +01:00

audio: set default value for pcspk.iobase property

2020-07-06 17:01:11 +02:00

hw/avr/boot: Fix memory leak in avr_load_firmware()

2020-07-21 16:13:04 +02:00

qom: Change object_get_canonical_path_component() not to malloc

2020-07-21 16:23:43 +02:00

hw/char: Convert the Ibex UART to use the registerfields API

2020-07-13 17:25:37 -07:00

hw/pci-host: save/restore pci host config register

2020-07-27 10:24:39 -04:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

hw/display/artist: Check offset in draw_line to avoid buffer over-run

2020-08-26 23:04:00 +02:00

hw: Mark nd_table[] misuse in realize methods FIXME

2020-07-21 08:41:15 +02:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

hw/hppa/lasi: Don't abort on invalid IMR value

2020-08-26 23:04:00 +02:00

error: Avoid unnecessary error_propagate() after error_setg()

2020-07-10 15:18:08 +02:00

hw/i2c: Rename i2c_create_slave() as i2c_slave_create_simple()

2020-07-16 12:30:54 -05:00

hw/pci-host: save/restore pci host config register

2020-07-27 10:24:39 -04:00

qom: Put name parameter before value / visitor parameter

2020-07-10 15:18:08 +02:00

hw/input/virtio-input-hid.c: Don't undef CONFIG_CURSES

2020-07-24 16:15:28 +02:00

apic: Report current_count via 'info lapic'

2020-07-10 19:26:55 -04:00

qdev: Unrealize must not fail

2020-05-15 07:08:14 +02:00

ipmi: add SET_SENSOR_READING command

2020-07-17 11:39:46 -05:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

qom: Put name parameter before value / visitor parameter

2020-07-10 15:18:08 +02:00

qom: Change object_get_canonical_path_component() not to malloc

2020-07-21 16:23:43 +02:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

hw/misc/aspeed_sdmc: Fix incorrect memory size

2020-07-27 16:12:10 +01:00

…

virtio-net: check the existence of peer before accessing vDPA config

2020-07-28 16:57:58 +08:00

hw/nios2: exit to main CPU loop only when unmasking interrupts

2020-07-13 14:36:11 +01:00

hw: Remove unnecessary DEVICE() cast

2020-05-15 07:08:52 +02:00

hw/nvram/fw_cfg: Let fw_cfg_add_from_generator() return boolean value

2020-07-21 16:47:54 +02:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

hw/pci-host: save/restore pci host config register

2020-07-27 10:24:39 -04:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

xen: Use ERRP_GUARD()

2020-07-10 15:18:09 +02:00

sysbus: Convert to sysbus_realize() etc. with Coccinelle

2020-06-15 22:05:28 +02:00

pseries: fix kvmppc_set_fwnmi()

2020-07-27 11:09:25 +10:00

lockable: Replace locks with lock guard macros

2020-05-04 16:07:43 +01:00

hw/riscv: sifive_e: Correct debug block size

2020-07-22 09:39:46 -07:00

goldfish_rtc: Fix non-atomic read behaviour of TIME_LOW/TIME_HIGH

2020-07-22 09:39:46 -07:00

qom: Put name parameter before value / visitor parameter

2020-07-10 15:18:08 +02:00

s390x/s390-virtio-ccw: fix loadparm property getter

2020-07-24 08:49:53 +02:00

error: Avoid error_propagate() after migrate_add_blocker()

2020-07-10 15:18:08 +02:00

sd/milkymist-memcard: Fix format string

2020-07-24 15:03:09 +02:00

semihosting: don't send the trailing '\0'

2020-07-27 09:40:08 +01:00

hw/sh4: Extract timer definitions to 'hw/timer/tmu012.h'

2020-06-22 18:37:12 +02:00

error: Eliminate error_propagate() with Coccinelle, part 1

2020-07-10 15:18:08 +02:00

qom: Put name parameter before value / visitor parameter

2020-07-10 15:18:08 +02:00

qom: Put name parameter before value / visitor parameter

2020-07-10 15:18:08 +02:00

ssi: Add ssi_realize_and_unref()

2020-07-03 16:59:44 +01:00

hw/timer: avr: Add limited support for 16-bit timer peripheral

2020-07-11 11:02:05 +02:00

tpm: tpm_spapr: Exit on TPM backend failures

2020-07-15 14:57:33 -04:00

…

hw/unicore32/puv3: Use qemu_log_mask(ERROR) instead of debug printf()

2020-06-09 19:01:56 +02:00

hw: Only compile the usb-dwc2 controller if it is really needed

2020-07-24 16:15:28 +02:00

vfio: fix use-after-free in display

2020-07-16 10:20:12 +02:00

virtio-pci: fix wrong index in virtio_pci_queue_enabled

2020-07-28 16:54:46 +08:00

hw/watchdog/cmsdk-apb-watchdog: Add trace event for lock status

2020-06-23 11:39:47 +01:00

osdep.h: Always include <sys/signal.h> if it exists

2020-07-13 14:36:09 +01:00

…

qdev: Make qdev_prop_set_drive() match the other helpers

2020-06-23 16:07:07 +02:00

Kconfig

hw/avr: Add limited support for some Arduino boards

2020-07-11 11:02:05 +02:00

Makefile.objs

vga: build qxl as module

2020-07-07 15:33:59 +02:00