[PATCH-for-5.0 0/2] hw/display/sm501: Avoid heap overflow in sm501_2d_operation()

Philippe Mathieu-Daudé posted 2 patches 4 years, 1 month ago
Test docker-mingw@fedora passed
Test docker-quick@centos7 passed
Test checkpatch passed
Test FreeBSD passed
Test asan passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20200411091453.30371-1-f4bug@amsat.org
hw/display/sm501.c           |   6 ++
tests/qtest/sm501-test.c     | 106 +++++++++++++++++++++++++++++++++++
tests/qtest/Makefile.include |   2 +
3 files changed, 114 insertions(+)
create mode 100644 tests/qtest/sm501-test.c
Posted by Philippe Mathieu-Daudé 4 years, 1 month ago
I once set up a Bugzilla 'Component Watching' rule on 'QEMU + CVE',
and recently found a notification for BZ#1786026 about a heap
overflow in sm501_2d_operation():
https://bugzilla.redhat.com/show_bug.cgi?id=1786026
As this is from December I suppose there was some embargo that
recently expired. Apparently there is a CVE assigned but the
information about it is private.
I'm not sure the upstream community is already aware of this
problem, but since we are in hard freeze and the bug can easily
be avoided, I believe a 3-line patch is appropriate.

Philippe Mathieu-Daudé (2):
  hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
  qtest: Test the Drawing Engine of the SM501 companion

-- 
2.21.1