Pablo Greco e6a3ae
From 56a21c3a967a6cbf99e2ecb2dff30d4dca759532 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@redhat.com>
Date: Thu, 20 Jun 2019 13:07:31 +0100
Subject: [PATCH 1/2] qxl: check release info object
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: <20190620130731.18034-2-philmd@redhat.com>
Patchwork-id: 88745
O-Subject: [RHEL-8.1.0 qemu-kvm PATCH 1/1] qxl: check release info object
Bugzilla: 1712705
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
From: Prasad J Pandit <pjp@fedoraproject.org>
When releasing spice resources in release_resource() routine,
if release info object 'ext.info' is null, it leads to null
pointer dereference. Add check to avoid it.
Reported-by: Bugs SysSec <bugs-syssec@rub.de>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Message-id: 20190425063534.32747-1-ppandit@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit d52680fc932efb8a2f334cc6993e705ed1e31e99)
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
---
 hw/display/qxl.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index b373c50..a8c953b 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -776,6 +776,9 @@ static void interface_release_resource(QXLInstance *sin,
     QXLReleaseRing *ring;
     uint64_t *item, id;
 
+    if (!ext.info) {
+        return;
+    }
     if (ext.group_id == MEMSLOT_GROUP_HOST) {
         /* host group -> vga mode update request */
         QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id);
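Review bot: The early return on `!ext.info` at the top of interface_release_resource() is silent, so a NULL release info leaves no record of when it happened; consider emitting a trace or log line before `return;` and adding a short comment on when `ext.info` is expected to be NULL. The guard covers only the NULL case: the host-group branch that follows still casts `ext.info->id` to a `QXLCommandExt *` and relies on that value being valid, so it is worth confirming that path cannot be reached with a non-NULL but untrusted `info`. The commit message also names release_resource() while the function patched here is interface_release_resource(); aligning the two would make the log easier to search.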
-- 
1.8.3.1