diff options
| author | nox <nox@FreeBSD.org> | 2008-11-03 06:59:10 +0800 |
|---|---|---|
| committer | nox <nox@FreeBSD.org> | 2008-11-03 06:59:10 +0800 |
| commit | 23ff2a8b0b28304bd0a1e04685860a1e4235bc1f (patch) | |
| tree | 4725dc2ed6958dd7e929a0a758da98b6953494bc /emulators/qemu-devel | |
| parent | 3a92e907d8198c4855b8aafa1dae61f518f1a4ff (diff) | |
| download | freebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.tar.gz freebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.tar.zst freebsd-ports-gnome-23ff2a8b0b28304bd0a1e04685860a1e4235bc1f.zip | |
Fix heap overflow in Cirrus emulation
Obtained from: qemu svn
Security: http://www.vuxml.org/freebsd/07bb3bd2-a920-11dd-8503-0211060005df.html
Diffstat (limited to 'emulators/qemu-devel')
| -rw-r--r-- | emulators/qemu-devel/Makefile | 2 | ||||
| -rw-r--r-- | emulators/qemu-devel/files/patch-CVE-2008-4539 | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile index 3cd4951c5614..841502d644c2 100644 --- a/emulators/qemu-devel/Makefile +++ b/emulators/qemu-devel/Makefile @@ -7,7 +7,7 @@ PORTNAME= qemu PORTVERSION= 0.9.1s.20080620 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= emulators MASTER_SITES= http://bellard.org/qemu/:release \ http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \ diff --git a/emulators/qemu-devel/files/patch-CVE-2008-4539 b/emulators/qemu-devel/files/patch-CVE-2008-4539 new file mode 100644 index 000000000000..c2348bd4cf91 --- /dev/null +++ b/emulators/qemu-devel/files/patch-CVE-2008-4539 @@ -0,0 +1,27 @@ +Index: qemu/hw/cirrus_vga.c +=================================================================== +--- trunk/hw/cirrus_vga.c 2008-11-01 00:53:30 UTC (rev 5586) ++++ trunk/hw/cirrus_vga.c 2008-11-01 00:53:39 UTC (rev 5587) +@@ -785,15 +785,14 @@ + + static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s) + { ++ if (BLTUNSAFE(s)) ++ return 0; ++ + if (s->ds->dpy_copy) { + cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr, + s->cirrus_blt_srcaddr - s->start_addr, + s->cirrus_blt_width, s->cirrus_blt_height); + } else { +- +- if (BLTUNSAFE(s)) +- return 0; +- + (*s->cirrus_rop) (s, s->vram_ptr + + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), + s->vram_ptr + + + + + |