[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Two small patches related to xenfb

To: xen-devel@xxxxxxxxxxxxxxxxxxx
From: Rafal Wojtczuk <rafal@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Sep 2008 16:05:48 +0200
Delivery-date: Fri, 26 Sep 2008 07:04:40 -0700
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hello,
Two minor issues:
row_stride_div0.patch: a malicious frontend can send row_stride==0 and force
qemu-dm to perform division by 0
vnc_resize_doublecheck.patch: there is an unchecked multiplication when
calculating framebuffer size. Cs 17630 sanitizes framebuffer dimensions
passed by the frontend, so most probably no integer overflow can happen, but
there should be a check for overflow close to the actual computation (to
make code review easier and to cope with other codepaths in the future). 

Diffs against xen-3.2-testing.hg.

Regards,
Rafal Wojtczuk
Principal Researcher
Invisible Things Lab

Attachment: row_stride_div0.patch
Description: Text document

Attachment: vnc_resize_doublecheck.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Follow-Ups:
- Re: [Xen-devel] Two small patches related to xenfb
  - From: Gerd Hoffmann
- Re: [Xen-devel] Two small patches related to xenfb
  - From: Ian Jackson

Prev by Date: [Xen-devel] [PATCH] Add FreeBSD mappings guest heuristics.
Next by Date: RE: [Xen-devel] [RFC][PATCH 0/2] MCA support for Intel64
Previous by thread: [Xen-devel] [PATCH] Add FreeBSD mappings guest heuristics.
Next by thread: Re: [Xen-devel] Two small patches related to xenfb
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.