From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:48705) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bji6j-0003MA-Qh for qemu-devel@nongnu.org; Tue, 13 Sep 2016 03:26:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bji6f-0008T6-RR for qemu-devel@nongnu.org; Tue, 13 Sep 2016 03:26:16 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37270) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bji6f-0008Sw-LX for qemu-devel@nongnu.org; Tue, 13 Sep 2016 03:26:13 -0400 Message-ID: <1473751567.11547.23.camel@redhat.com> From: Gerd Hoffmann Date: Tue, 13 Sep 2016 09:26:07 +0200 In-Reply-To: <1473338754-15430-1-git-send-email-ppandit@redhat.com> References: <1473338754-15430-1-git-send-email-ppandit@redhat.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH] vmsvga: correct bitmap and pixmap size checks List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: P J P Cc: Qemu Developers , Qinghao Tang , Li Qiang , Prasad J Pandit On Do, 2016-09-08 at 18:15 +0530, P J P wrote: > From: Prasad J Pandit >=20 > When processing svga command DEFINE_CURSOR in vmsvga_fifo_run, > the computed BITMAP and PIXMAP size are checked against the > 'cursor.mask[]' and 'cursor.image[]' array sizes in bytes. > Correct these checks to avoid OOB memory access. Added to vga patch queue. thanks, Gerd