History log of /qemu/ui/cursor.c (Results 1 – 12 of 12)
Revision Date Author Comments
Revision tags: v8.0.2, v8.0.1, v7.2.3
# 4c93ce54 23-May-2023 Mauro Matteo Cascella <mcascell@redhat.com>

ui/cursor: make width/height unsigned 16-bit integer

Although not actually exploitable at the moment, a negative width/height
could make datasize wrap around and potentially lead to buffer overflow.
Since there is no reason a negative width/height is ever appropriate,
modify QEMUCursor struct and cursor_alloc prototype to accept uint16_t.
This protects us against accidentally introducing future bugs.

Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reported-by: Jacek Halon <jacek.halon@gmail.com>
Reported-by: Yair Mizrahi <yairh33@gmail.com>
Reported-by: Elsayed El-Refa'ei <e.elrefaei99@gmail.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230523163023.608121-1-mcascell@redhat.com>

Revision tags: v7.2.2, v8.0.0, v8.0.0-rc4, v8.0.0-rc3, v7.2.1, v8.0.0-rc2, v8.0.0-rc1, v8.0.0-rc0
# 2512a026 17-Jan-2023 Marc-André Lureau <marcandre.lureau@redhat.com>

ui: rename cursor_{get->ref}, return it

The naming is more conventional in QEMU code, and allows to simplify
some code by changing the API design, so it returns the input parameter,
instead of void.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


# f4579e28 17-Jan-2023 Marc-André Lureau <marcandre.lureau@redhat.com>

ui: rename cursor_{put->unref}

The naming is more conventional in QEMU.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Revision tags: v7.2.0, v7.2.0-rc4, v7.2.0-rc3, v7.2.0-rc2, v7.2.0-rc1, v7.2.0-rc0, v7.1.0, v7.1.0-rc4, v7.1.0-rc3, v7.1.0-rc2, v7.1.0-rc1, v7.1.0-rc0, v7.0.0, v7.0.0-rc4
# fa892e9a 07-Apr-2022 Mauro Matteo Cascella <mcascell@redhat.com>

ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)

Prevent potential integer overflow by limiting 'width' and 'height' to
512x512. Also change 'datasize' type to size_t. Refer to security
advisory https://starlabs.sg/advisories/22-4206/ for more information.

Fixes: CVE-2021-4206
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220407081712.345609-1-mcascell@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


Revision tags: v7.0.0-rc3, v7.0.0-rc2, v7.0.0-rc1, v7.0.0-rc0, v6.1.1, v6.2.0, v6.2.0-rc4, v6.2.0-rc3, v6.2.0-rc2, v6.2.0-rc1, v6.2.0-rc0, v6.0.1, v6.1.0, v6.1.0-rc4, v6.1.0-rc3, v6.1.0-rc2, v6.1.0-rc1, v6.1.0-rc0, v6.0.0, v6.0.0-rc5, v6.0.0-rc4, v6.0.0-rc3, v6.0.0-rc2, v6.0.0-rc1, v6.0.0-rc0, v5.2.0, v5.2.0-rc4, v5.2.0-rc3, v5.2.0-rc2, v5.2.0-rc1, v5.2.0-rc0, v5.0.1, v5.1.0, v5.1.0-rc3, v5.1.0-rc2, v5.1.0-rc1, v5.1.0-rc0, v4.2.1, v5.0.0, v5.0.0-rc4, v5.0.0-rc3, v5.0.0-rc2, v5.0.0-rc1, v5.0.0-rc0, v4.2.0, v4.2.0-rc5, v4.2.0-rc4, v4.2.0-rc3, v4.2.0-rc2, v4.1.1, v4.2.0-rc1, v4.2.0-rc0, v4.0.1, v3.1.1.1, v4.1.0, v4.1.0-rc5, v4.1.0-rc4, v3.1.1, v4.1.0-rc3, v4.1.0-rc2, v4.1.0-rc1, v4.1.0-rc0
# a8d25326 23-May-2019 Markus Armbruster <armbru@redhat.com>

Include qemu-common.h exactly where needed

No header includes qemu-common.h after this commit, as prescribed by
qemu-common.h's file comment.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20190523143508.25387-5-armbru@redhat.com>
[Rebased with conflicts resolved automatically, except for
include/hw/arm/xlnx-zynqmp.h hw/arm/nrf51_soc.c hw/arm/msf2-soc.c
block/qcow2-refcount.c block/qcow2-cluster.c block/qcow2-cache.c
target/arm/cpu.h target/lm32/cpu.h target/m68k/cpu.h target/mips/cpu.h
target/moxie/cpu.h target/nios2/cpu.h target/openrisc/cpu.h
target/riscv/cpu.h target/tilegx/cpu.h target/tricore/cpu.h
target/unicore32/cpu.h target/xtensa/cpu.h; bsd-user/main.c and
net/tap-bsd.c fixed up]


Revision tags: v4.0.0, v4.0.0-rc4, v3.0.1, v4.0.0-rc3, v4.0.0-rc2, v4.0.0-rc1, v4.0.0-rc0, v3.1.0, v3.1.0-rc5, v3.1.0-rc4, v3.1.0-rc3, v3.1.0-rc2, v3.1.0-rc1, v3.1.0-rc0
# 36ffc122 03-Sep-2018 Peter Wu <peter@lekensteyn.nl>

qxl: support mono cursors with inverted colors

Monochrome cursors are still used by Windows guests with the
QXL-WDDM-DOD driver. Such cursor types have one odd feature, inversion
of colors. GDK does not seem to support it, so implement an alternative
solution: fill the inverted pixels and add an outline to make the cursor
more visible. Tested with the text cursor in Notepad and Windows 10.

cursor_set_mono is also used by the vmware GPU, so add a special check
to avoid breaking its 32bpp format (tested with Kubuntu 14.04.4). I was
unable to find a guest which supports the 1bpp format with a vmware GPU.

The old implementation was buggy and removed in v2.10.0-108-g79c5a10cdd
("qxl: drop mono cursor support"), this version improves upon that by
adding bounds validation, clarifying the semantics of the two masks and
adds a workaround for inverted colors support.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1611984
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
Message-id: 20180903145447.17142-1-peter@lekensteyn.nl

[ kraxel: minor codestyle fix ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>


Revision tags: v3.0.0, v3.0.0-rc4, v2.12.1, v3.0.0-rc3, v3.0.0-rc2, v3.0.0-rc1, v3.0.0-rc0, v2.11.2, v2.12.0, v2.12.0-rc4, v2.12.0-rc3, v2.12.0-rc2, v2.12.0-rc1, v2.12.0-rc0, v2.11.1, v2.10.2, v2.11.0, v2.11.0-rc5, v2.11.0-rc4, v2.11.0-rc3, v2.11.0-rc2, v2.11.0-rc1
# a89f364a 08-Nov-2017 Alistair Francis <alistair.francis@xilinx.com>

Replace all occurrences of __FUNCTION__ with __func__

Replace all occurrences of __FUNCTION__ except for the check in checkpatch
with the non GCC specific __func__.

One line in hcd-musb.c was manually tweaked to pass checkpatch.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
[THH: Removed hunks related to pxa2xx_mmci.c (fixed already)]
Signed-off-by: Thomas Huth <thuth@redhat.com>


Revision tags: v2.11.0-rc0, v2.10.1, v2.9.1, v2.10.0, v2.10.0-rc4, v2.10.0-rc3, v2.10.0-rc2, v2.10.0-rc1, v2.10.0-rc0
# 935b3332 22-Jun-2017 Marc-André Lureau <marcandre.lureau@redhat.com>

ui: use DIV_ROUND_UP

I used the clang-tidy qemu-round check to generate the fix:
https://github.com/elmarco/clang-tools-extra

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <rth@twiddle.net>


Revision tags: v2.8.1.1, v2.9.0, v2.9.0-rc5, v2.9.0-rc4, v2.9.0-rc3, v2.8.1, v2.9.0-rc2, v2.9.0-rc1, v2.9.0-rc0, v2.7.1, v2.8.0, v2.8.0-rc4, v2.8.0-rc3, v2.8.0-rc2, v2.8.0-rc1, v2.8.0-rc0, v2.6.2, v2.7.0, v2.7.0-rc5, v2.7.0-rc4, v2.6.1, v2.7.0-rc3, v2.7.0-rc2, v2.7.0-rc1, v2.7.0-rc0
# 9be38598 13-Jun-2016 Eduardo Habkost <ehabkost@redhat.com>

coccinelle: Remove unnecessary variables for function return value

Use Coccinelle script to replace 'ret = E; return ret' with
'return E'. The script will do the substitution only when the
function return type and variable type are the same.

Manual fixups:

* audio/audio.c: coding style of "read (...)" and "write (...)"
* block/qcow2-cluster.c: wrap line to make it shorter
* block/qcow2-refcount.c: change indentation of wrapped line
* target-tricore/op_helper.c: fix coding style of
  "remainder|quotient"
* target-mips/dsp_helper.c: reverted changes because I don't
  want to argue about checkpatch.pl
* ui/qemu-pixman.c: fix line indentation
* block/rbd.c: restore blank line between declarations and
  statements

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <1465855078-19435-4-git-send-email-ehabkost@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Unused Coccinelle rule name dropped along with a redundant comment;
whitespace touched up in block/qcow2-cluster.c; stale commit message
paragraph deleted]
Signed-off-by: Markus Armbruster <armbru@redhat.com>


Revision tags: v2.6.0, v2.5.1.1, v2.6.0-rc5, v2.6.0-rc4, v2.6.0-rc3, v2.6.0-rc2, v2.6.0-rc1, v2.6.0-rc0, v2.5.1
# e16f4c87 29-Jan-2016 Peter Maydell <peter.maydell@linaro.org>

ui: Clean up includes

Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.

This commit was created with scripts/clean-includes.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1454089805-5470-2-git-send-email-peter.maydell@linaro.org


Revision tags: v2.5.0, v2.5.0-rc4, v2.5.0-rc3, v2.5.0-rc2, v2.5.0-rc1, v2.5.0-rc0, v2.4.1, v2.4.0.1, v2.4.0, v2.3.1, v2.4.0-rc4, v2.4.0-rc3, v2.4.0-rc2, v2.4.0-rc1, v2.4.0-rc0, v2.3.0, v2.3.0-rc4, v2.3.0-rc3, v2.3.0-rc2, v2.3.0-rc1, v2.3.0-rc0, v2.2.1, v2.1.3, v2.2.0, v2.2.0-rc5, v2.2.0-rc4, v2.2.0-rc3, v2.2.0-rc2, v2.2.0-rc1, v2.2.0-rc0, v2.1.2, v2.1.1, v2.0.2, v2.0.1, v2.1.0, v2.1.0-rc5, v2.1.0-rc4, v2.1.0-rc3, v1.7.2, v2.1.0-rc2, v2.1.0-rc1, v2.1.0-rc0, v2.0.0, v2.0.0-rc3, v2.0.0-rc2, v2.0.0-rc1, v2.0.0-rc0, v1.7.1, v1.6.2, v1.7.0, v1.7.0-rc2, v1.7.0-rc1, v1.7.0-rc0, v1.6.1, v1.5.3, v1.6.0, v1.6.0-rc3, v1.6.0-rc2, v1.6.0-rc1, v1.6.0-rc0, v1.5.2, v1.5.1, v1.4.2, v1.5.0, v1.5.0-rc3, v1.5.0-rc2, v1.5.0-rc1, v1.5.0-rc0, v1.4.1, v1.4.0, v1.4.0-rc2, v1.4.0-rc1, v1.4.0-rc0, v1.3.1, v1.2.2, v1.3.0, v1.3.0-rc2
# 28ecbaee 28-Nov-2012 Paolo Bonzini <pbonzini@redhat.com>

ui: move files to ui/ and include/ui/

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>