Google Git
Sign in
qemu / qemu / 65d35a09979e63541afc5bfc595b9f1b1b4ae069
commit65d35a09979e63541afc5bfc595b9f1b1b4ae069[log] [tgz]
authoraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>Sat Nov 01 00:53:39 2008 +0000
committeraurel32 <aurel32@c046a42c-6fe2-441c-8c8c-71466251a162>Sat Nov 01 00:53:39 2008 +0000
tree5098bbe7aae32fcc729cb89a77ed75a1f9773045
parent6d17c604c0fb35dd7d02b60dd99ce882264e68e5 [diff]
CVE-2008-4539: fix a heap overflow in Cirrus emulation

The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has
been announced and the patch has been applied. As a consequence it has
wrongly applied and QEMU is still vulnerable to this bug if using VNC.

(noticed by Jan Niehusmann)

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5587 c046a42c-6fe2-441c-8c8c-71466251a162
1 file changed
tree: 5098bbe7aae32fcc729cb89a77ed75a1f9773045
  1. audio/
  2. bsd-user/
  3. darwin-user/
  4. fpu/
  5. gdb-xml/
  6. hw/
  7. keymaps/
  8. linux-user/
  9. pc-bios/
  10. slirp/
  11. target-alpha/
  12. target-arm/
  13. target-cris/
  14. target-i386/
  15. target-m68k/
  16. target-mips/
  17. target-ppc/
  18. target-sh4/
  19. target-sparc/
  20. tcg/
  21. tests/
  22. .gitignore
  23. a.out.h
  24. aes.c
  25. aes.h
  26. aio.c
  27. alpha-dis.c
  28. alpha.ld
  29. arm-dis.c
  30. arm-semi.c
  31. arm.ld
  32. block-bochs.c
  33. block-cloop.c
  34. block-cow.c
  35. block-dmg.c
  36. block-nbd.c
  37. block-parallels.c
  38. block-qcow.c
  39. block-qcow2.c
  40. block-raw-posix.c
  41. block-raw-win32.c
  42. block-vmdk.c
  43. block-vpc.c
  44. block-vvfat.c
  45. block.c
  46. block.h
  47. block_int.h
  48. bswap.h
  49. bt-host.c
  50. bt-vhci.c
  51. buffered_file.c
  52. buffered_file.h
  53. Changelog
  54. check_ops.sh
  55. cocoa.m
  56. configure
  57. console.c
  58. console.h
  59. COPYING
  60. COPYING.LIB
  61. cpu-all.h
  62. cpu-defs.h
  63. cpu-exec.c
  64. cris-dis.c
  65. curses.c
  66. curses_keys.h
  67. cutils.c
  68. d3des.c
  69. d3des.h
  70. dis-asm.h
  71. disas.c
  72. disas.h
  73. dyngen-exec.h
  74. dyngen.c
  75. elf.h
  76. elf_ops.h
  77. exec-all.h
  78. exec.c
  79. feature_to_c.sh
  80. gdbstub.c
  81. gdbstub.h
  82. gen-icount.h
  83. host-utils.c
  84. host-utils.h
  85. hostregs_helper.h
  86. hpet.h
  87. hppa-dis.c
  88. hppa.ld
  89. i386-dis.c
  90. i386.ld
  91. ia64.ld
  92. keymaps.c
  93. kqemu.c
  94. kqemu.h
  95. LICENSE
  96. loader.c
  97. m68k-dis.c
  98. m68k-semi.c
  99. m68k.ld
  100. MAINTAINERS
  101. Makefile
  102. Makefile.target
  103. migration-tcp.c
  104. migration.c
  105. migration.h
  106. mips-dis.c
  107. mips.ld
  108. mipsel.ld
  109. monitor.c
  110. nbd.c
  111. nbd.h
  112. net-checksum.c
  113. net.c
  114. net.h
  115. osdep.c
  116. osdep.h
  117. ppc-dis.c
  118. ppc.ld
  119. ppc64.ld
  120. qemu-aio.h
  121. qemu-binfmt-conf.sh
  122. qemu-char.c
  123. qemu-char.h
  124. qemu-common.h
  125. qemu-doc.texi
  126. qemu-img.c
  127. qemu-img.texi
  128. qemu-lock.h
  129. qemu-log.h
  130. qemu-malloc.c
  131. qemu-nbd.c
  132. qemu-nbd.texi
  133. qemu-tech.texi
  134. qemu-timer.h
  135. qemu-tool.c
  136. qemu_socket.h
  137. readline.c
  138. README
  139. s390-dis.c
  140. s390.ld
  141. sdl.c
  142. sdl_keysym.h
  143. sh4-dis.c
  144. softmmu-semi.h
  145. softmmu_defs.h
  146. softmmu_exec.h
  147. softmmu_header.h
  148. softmmu_template.h
  149. sparc-dis.c
  150. sparc.ld
  151. sparc64.ld
  152. sys-queue.h
  153. sysemu.h
  154. tap-win32.c
  155. texi2pod.pl
  156. thunk.c
  157. thunk.h
  158. TODO
  159. translate-all.c
  160. uboot_image.h
  161. usb-linux.c
  162. VERSION
  163. vgafont.h
  164. vl.c
  165. vnc.c
  166. vnc_keysym.h
  167. vnchextile.h
  168. x86_64.ld
  169. x_keymap.c