diff options
| author | Juergen Lock <nox@FreeBSD.org> | 2008-11-02 22:59:10 +0000 |
|---|---|---|
| committer | Juergen Lock <nox@FreeBSD.org> | 2008-11-02 22:59:10 +0000 |
| commit | 6bc005ce5945dd2ba664d07fef62ec9108649eee (patch) | |
| tree | bdb6b8c354826a397a1598e9d5906b1b585dff7f /emulators/qemu-devel | |
| parent | f51226346915b698429c5b2e4ad3d4d4e17bc6ac (diff) | |
Fix heap overflow in Cirrus emulation
Obtained from: qemu svn
Security: http://www.vuxml.org/freebsd/07bb3bd2-a920-11dd-8503-0211060005df.html
Notes
Notes:
svn path=/head/; revision=222341
Diffstat (limited to 'emulators/qemu-devel')
| -rw-r--r-- | emulators/qemu-devel/Makefile | 2 | ||||
| -rw-r--r-- | emulators/qemu-devel/files/patch-CVE-2008-4539 | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/emulators/qemu-devel/Makefile b/emulators/qemu-devel/Makefile index 3cd4951c5614..841502d644c2 100644 --- a/emulators/qemu-devel/Makefile +++ b/emulators/qemu-devel/Makefile @@ -7,7 +7,7 @@ PORTNAME= qemu PORTVERSION= 0.9.1s.20080620 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= emulators MASTER_SITES= http://bellard.org/qemu/:release \ http://qemu-forum.ipi.fi/qemu-snapshots/:snapshot \ diff --git a/emulators/qemu-devel/files/patch-CVE-2008-4539 b/emulators/qemu-devel/files/patch-CVE-2008-4539 new file mode 100644 index 000000000000..c2348bd4cf91 --- /dev/null +++ b/emulators/qemu-devel/files/patch-CVE-2008-4539 @@ -0,0 +1,27 @@ +Index: qemu/hw/cirrus_vga.c +=================================================================== +--- trunk/hw/cirrus_vga.c 2008-11-01 00:53:30 UTC (rev 5586) ++++ trunk/hw/cirrus_vga.c 2008-11-01 00:53:39 UTC (rev 5587) +@@ -785,15 +785,14 @@ + + static int cirrus_bitblt_videotovideo_copy(CirrusVGAState * s) + { ++ if (BLTUNSAFE(s)) ++ return 0; ++ + if (s->ds->dpy_copy) { + cirrus_do_copy(s, s->cirrus_blt_dstaddr - s->start_addr, + s->cirrus_blt_srcaddr - s->start_addr, + s->cirrus_blt_width, s->cirrus_blt_height); + } else { +- +- if (BLTUNSAFE(s)) +- return 0; +- + (*s->cirrus_rop) (s, s->vram_ptr + + (s->cirrus_blt_dstaddr & s->cirrus_addr_mask), + s->vram_ptr + + + + + |