author: Helge Deller <deller@gmx.de> 2020-08-09 15:35:38 +0200
committer: Helge Deller <deller@gmx.de> 2020-08-26 23:04:00 +0200
commit: a501bfc91763d4642390090dd4e6039d67b63702
tree: 9f08327c2140d275764971be59ad6511b69a15eb /device_tree.c
parent: 8bd0d5b5ef0552d66968a8fdefc5a9080eb358e3
hw/display/artist: Prevent out of VRAM buffer accesses
Simplify various bounds checks by changing parameters like row and column numbers to become unsigned instead of signed. With that we can check if the calculated offset is bigger than the size of the VRAM region and bail out if not.

Reported-by: LLVM libFuzzer
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1880326
Buglink: https://bugs.launchpad.net/qemu/+bug/1890310
Buglink: https://bugs.launchpad.net/qemu/+bug/1890311
Buglink: https://bugs.launchpad.net/qemu/+bug/1890312
Buglink: https://bugs.launchpad.net/qemu/+bug/1890370
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Helge Deller <deller@gmx.de>
Diffstat (limited to 'device_tree.c')
0 files changed, 0 insertions, 0 deletions