parent
61dd8f57d1
commit
828eab12a2
|
@ -0,0 +1,41 @@
|
|||
From: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Date: Thu, 3 Dec 2015 18:54:17 +0530
|
||||
Subject: [PATCH] ui: vnc: avoid floating point exception
|
||||
|
||||
While sending 'SetPixelFormat' messages to a VNC server,
|
||||
the client could set the 'red-max', 'green-max' and 'blue-max'
|
||||
values to be zero. This leads to a floating point exception in
|
||||
write_png_palette while doing frame buffer updates.
|
||||
|
||||
Reported-by: Lian Yihan <lianyihan@360.cn>
|
||||
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
|
||||
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
|
||||
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
||||
(cherry picked from commit 4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3)
|
||||
---
|
||||
ui/vnc.c | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ui/vnc.c b/ui/vnc.c
|
||||
index caf82f5..52c6809 100644
|
||||
--- a/ui/vnc.c
|
||||
+++ b/ui/vnc.c
|
||||
@@ -2189,15 +2189,15 @@ static void set_pixel_format(VncState *vs,
|
||||
return;
|
||||
}
|
||||
|
||||
- vs->client_pf.rmax = red_max;
|
||||
+ vs->client_pf.rmax = red_max ? red_max : 0xFF;
|
||||
vs->client_pf.rbits = hweight_long(red_max);
|
||||
vs->client_pf.rshift = red_shift;
|
||||
vs->client_pf.rmask = red_max << red_shift;
|
||||
- vs->client_pf.gmax = green_max;
|
||||
+ vs->client_pf.gmax = green_max ? green_max : 0xFF;
|
||||
vs->client_pf.gbits = hweight_long(green_max);
|
||||
vs->client_pf.gshift = green_shift;
|
||||
vs->client_pf.gmask = green_max << green_shift;
|
||||
- vs->client_pf.bmax = blue_max;
|
||||
+ vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
|
||||
vs->client_pf.bbits = hweight_long(blue_max);
|
||||
vs->client_pf.bshift = blue_shift;
|
||||
vs->client_pf.bmask = blue_max << blue_shift;
|
|
@ -40,7 +40,7 @@
|
|||
Summary: QEMU is a FAST! processor emulator
|
||||
Name: qemu
|
||||
Version: 2.4.1
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Epoch: 2
|
||||
License: GPLv2+ and LGPLv2+ and BSD
|
||||
Group: Development/Tools
|
||||
|
@ -76,6 +76,8 @@ Patch0002: 0002-eepro100-Prevent-two-endless-loops.patch
|
|||
Patch0003: 0003-net-pcnet-add-check-to-validate-receive-data-size-CV.patch
|
||||
# CVE-2015-7512: Fix buffer overflow in pcnet (bz #1286549)
|
||||
Patch0004: 0004-pcnet-fix-rx-buffer-overflow-CVE-2015-7512.patch
|
||||
# vnc: avoid floating point exceptions (bz #1289541, bz #1289542)
|
||||
Patch0005: 0005-ui-vnc-avoid-floating-point-exception.patch
|
||||
|
||||
BuildRequires: SDL2-devel
|
||||
BuildRequires: zlib-devel
|
||||
|
@ -1208,6 +1210,9 @@ getent passwd qemu >/dev/null || \
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Dec 08 2015 Cole Robinson <crobinso@redhat.com> - 2:2.4.1-3
|
||||
- vnc: avoid floating point exceptions (bz #1289541, bz #1289542)
|
||||
|
||||
* Mon Dec 07 2015 Cole Robinson <crobinso@redhat.com> - 2:2.4.1-2
|
||||
- Fix SSE4 emulation with accel=tcg (bz #1270703)
|
||||
- CVE-2015-8345: Fix infinite loop in eepro100 (bz #1285214)
|
||||
|
|
Loading…
Reference in New Issue