[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 15/26] cirrus_vga: fix potential memory overflow
From: |
Gerd Hoffmann |
Subject: |
[PULL 15/26] cirrus_vga: fix potential memory overflow |
Date: |
Thu, 13 Oct 2022 08:52:13 +0200 |
From: lu zhipeng <luzhipeng@cestc.cn>
Signed-off-by: lu zhipeng <luzhipeng@cestc.cn>
Message-Id: <20220929122352.1891-1-luzhipeng@cestc.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/display/cirrus_vga.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 3bb6a58698c1..2577005d03ce 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -834,7 +834,7 @@ static void cirrus_bitblt_cputovideo_next(CirrusVGAState *
s)
word alignment, so we keep them for the next line */
/* XXX: keep alignment to speed up transfer */
end_ptr = s->cirrus_bltbuf + s->cirrus_blt_srcpitch;
- copy_count = s->cirrus_srcptr_end - end_ptr;
+ copy_count = MIN(s->cirrus_srcptr_end - end_ptr,
CIRRUS_BLTBUFSIZE);
memmove(s->cirrus_bltbuf, end_ptr, copy_count);
s->cirrus_srcptr = s->cirrus_bltbuf + copy_count;
s->cirrus_srcptr_end = s->cirrus_bltbuf +
s->cirrus_blt_srcpitch;
--
2.37.3
- [PULL 00/26] Kraxel 20221013 patches, Gerd Hoffmann, 2022/10/13
- [PULL 01/26] audio: refactor code in audio_run_out(), Gerd Hoffmann, 2022/10/13
- [PULL 02/26] audio: fix GUS audio playback with out.mixing-engine=off, Gerd Hoffmann, 2022/10/13
- [PULL 03/26] audio: run downstream playback queue unconditionally, Gerd Hoffmann, 2022/10/13
- [PULL 04/26] alsaaudio: reduce playback latency, Gerd Hoffmann, 2022/10/13
- [PULL 06/26] spiceaudio: add a pcm_ops buffer_get_free function, Gerd Hoffmann, 2022/10/13
- [PULL 07/26] spiceaudio: update comment, Gerd Hoffmann, 2022/10/13
- [PULL 08/26] audio: swap audio_rate_get_bytes() function parameters, Gerd Hoffmann, 2022/10/13
- [PULL 15/26] cirrus_vga: fix potential memory overflow,
Gerd Hoffmann <=
- [PULL 23/26] qemu-edid: Restrict input parameter -d to avoid division by zero, Gerd Hoffmann, 2022/10/13
- [PULL 05/26] audio: add more audio rate control functions, Gerd Hoffmann, 2022/10/13
- [PULL 10/26] audio: refactor audio_get_avail(), Gerd Hoffmann, 2022/10/13
- [PULL 12/26] audio: prevent an integer overflow in resampling code, Gerd Hoffmann, 2022/10/13
- [PULL 16/26] docs: add firmware feature flags, Gerd Hoffmann, 2022/10/13
- [PULL 17/26] pci-ids: drop PCI_DEVICE_ID_VIRTIO_IOMMU, Gerd Hoffmann, 2022/10/13
- [PULL 22/26] ui/gtk: Fix the implicit mouse ungrabbing logic, Gerd Hoffmann, 2022/10/13
- [PULL 19/26] pci-ids: drop PCI_DEVICE_ID_VIRTIO_PMEM, Gerd Hoffmann, 2022/10/13
- [PULL 20/26] pci-ids: drop list of modern virtio devices, Gerd Hoffmann, 2022/10/13
- [PULL 13/26] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext, Gerd Hoffmann, 2022/10/13