All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
To: Helge Deller <deller@gmx.de>,
	qemu-devel@nongnu.org, Richard Henderson <rth@twiddle.net>,
	Sven Schnelle <svens@stackframe.org>
Cc: "Alexander Bulekov" <alxndr@bu.edu>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>
Subject: [PATCH 0/3] hw/display/artist: Fix out-of-buffer accesses found while fuzzing
Date: Sat, 23 May 2020 21:15:14 +0200	[thread overview]
Message-ID: <20200523191517.23684-1-f4bug@amsat.org> (raw)

Fix various out-of-range buffer access in the artist device
emulation. Bugs found using libFuzzer (docs/devel/fuzzing.txt).

Philippe Mathieu-Daudé (3):
  hw/display/artist: Check offset in draw_line to avoid buffer over-run
  hw/display/artist: Refactor artist_rop8() to avoid buffer over-run
  hw/display/artist: Check offset in block_move to avoid buffer
    over-read

 hw/display/artist.c | 54 +++++++++++++++++++++++++++++++--------------
 1 file changed, 37 insertions(+), 17 deletions(-)

-- 
2.21.3



             reply	other threads:[~2020-05-23 19:16 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-23 19:15 Philippe Mathieu-Daudé [this message]
2020-05-23 19:15 ` [PATCH 1/3] hw/display/artist: Check offset in draw_line to avoid buffer over-run Philippe Mathieu-Daudé
2020-05-23 19:15 ` [PATCH 2/3] hw/display/artist: Refactor artist_rop8() " Philippe Mathieu-Daudé
2020-05-23 19:15 ` [PATCH 3/3] hw/display/artist: Check offset in block_move to avoid buffer over-read Philippe Mathieu-Daudé

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200523191517.23684-1-f4bug@amsat.org \
    --to=f4bug@amsat.org \
    --cc=alxndr@bu.edu \
    --cc=deller@gmx.de \
    --cc=qemu-devel@nongnu.org \
    --cc=rth@twiddle.net \
    --cc=svens@stackframe.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.