]> git.ipfire.org Git - thirdparty/qemu.git/commit
projects / thirdparty / qemu.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e895095) | patch
hw/display/qxl-render: fix qxl_unpack_chunks() chunk size calculation
authorMichael Tokarev <mjt@tls.msk.ru>
Fri, 21 Feb 2025 13:48:56 +0000 (16:48 +0300)
committerPhilippe Mathieu-Daudé <philmd@linaro.org>
Tue, 29 Jul 2025 11:56:39 +0000 (13:56 +0200)
commit8e8cb3b5722babe7e7b597b3805bf09f24ed6979
tree937bb80a8575c171d222486083d96322e266aa19tree
parente895095c78ab877d40df2dd31ee79d85757d963bcommit | diff
hw/display/qxl-render: fix qxl_unpack_chunks() chunk size calculation

In case of multiple chunks, code in qxl_unpack_chunks() takes size of the
wrong (next in the chain) chunk, instead of using current chunk size.
This leads to wrong number of bytes being copied, and to crashes if next
chunk size is larger than the current one.

Based on the code by Gao Yong.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1628
Tested-by: Thaddeus Hogan <thaddeus@thogan.com>
Tested-by: Vadim Zeitlin <vadim@wxwidgets.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250221134856.478806-1-mjt@tls.msk.ru>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
hw/display/qxl-render.c diff | blob | blame | history
Mirror of https://git.qemu.org/git/qemu.git