WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] Two small patches related to xenfb

from [Rafal Wojtczuk] [Permanent Link][Original]
To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Two small patches related to xenfb
From: Rafal Wojtczuk <rafal@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 26 Sep 2008 16:05:48 +0200
Delivery-date: Fri, 26 Sep 2008 07:04:40 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.17 (2007-11-01) 
Hello,
Two minor issues:
row_stride_div0.patch: a malicious frontend can send row_stride==0 and force
qemu-dm to perform division by 0
vnc_resize_doublecheck.patch: there is an unchecked multiplication when
calculating framebuffer size. Cs 17630 sanitizes framebuffer dimensions
passed by the frontend, so most probably no integer overflow can happen, but
there should be a check for overflow close to the actual computation (to
make code review easier and to cope with other codepaths in the future). 

Diffs against xen-3.2-testing.hg.

Regards,
Rafal Wojtczuk
Principal Researcher
Invisible Things Lab

Attachment: row_stride_div0.patch
Description: Text document

Attachment: vnc_resize_doublecheck.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] [PATCH] Add FreeBSD mappings guest heuristics., Gianluca Guida
Next by Date:  RE: [Xen-devel] [RFC][PATCH 0/2] MCA support for Intel64, Jiang, Yunhong
Previous by Thread:  [Xen-devel] [PATCH] Add FreeBSD mappings guest heuristics., Gianluca Guida
Next by Thread:  Re: [Xen-devel] Two small patches related to xenfb, Ian Jackson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy