)]}'
{
  "commit": "c035d5eadf400670593a76778f98f052d7482968",
  "tree": "23f5fa030dab67b4c86ca79c2cf82fa5215b2c8a",
  "parents": [
    "6f23dde620efa2de1cf3c56dfb474a20d9ce876d"
  ],
  "author": {
    "name": "Marc-André Lureau",
    "email": "marcandre.lureau@redhat.com",
    "time": "Wed Mar 11 01:26:53 2026 +0400"
  },
  "committer": {
    "name": "Marc-André Lureau",
    "email": "marcandre.lureau@redhat.com",
    "time": "Tue Mar 17 21:15:10 2026 +0400"
  },
  "message": "virtio-gpu: fix overflow check when allocating 2d image\n\nThe calc_image_hostmem() comment says pixman_image_create_bits() checks\nfor overflow. However, this relied on the facts that \"bits\" was NULL and\nit performed it when it was introduced. Since commit 9462ff4695aa, the\n\"bits\" argument can be provided and the check is no longer applied.\n\nPromotes the computation to uint64_t and adds an explicit overflow check\nto avoid potential later OOB read/write on the image data.\n\nFixes: CVE-2026-3886\nFixes: ZDI-CAN-27578\nFixes: 9462ff4695aa (\"virtio-gpu/win32: allocate shareable 2d resources/images\")\nReported-by: Zero Day Initiative \u003czdi-disclosures@trendmicro.com\u003e\nSigned-off-by: Marc-André Lureau \u003cmarcandre.lureau@redhat.com\u003e\nReviewed-by: Akihiko Odaki \u003codaki@rsg.ci.i.u-tokyo.ac.jp\u003e\nMessage-Id: \u003c20260311-cve-v1-1-f72b4c7c1ab2@redhat.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "de7a86a73d21ffc98db2695b4ef81c9bd3e8a4fb",
      "old_mode": 33188,
      "old_path": "hw/display/virtio-gpu.c",
      "new_id": "468ea6ab0fb1719e018e4334141c2fdc5220a1a0",
      "new_mode": 33188,
      "new_path": "hw/display/virtio-gpu.c"
    }
  ]
}
