vmsvga: don't process more than 1024 fifo commands at once
vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off. So we can simply exit the loop,
without having to worry about how processing will continue.
Fixes: CVE-2016-4453
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id:
1464592161-18348-5-git-send-email-kraxel@redhat.com
(cherry picked from commit
4e68a0ee17dad7b8d870df0081d4ab2e079016c2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
projects / thirdparty / qemu.git / commit
