spice/server
Frediano Ziglio baffae02e9 improve primary surface parameter checks
The primary surface, like additional surfaces, can be used to access
host memory from the guest using invalid parameters.

The removed warning is not enough to prevent all cases. Also, a warning
is not enough to stop an escalation from happening.
red_validate_surface does different checks to make sure the surface
request is valid and does not cause possible buffer/integer overflows:
- format is valid;
- width is not so large as to cause overflow compared to stride;
- stride is not -2^31 (a number whose negation is still <0);
- stride * height does not overflow.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1312980.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
2016-07-01 15:27:09 +02:00
..
tests replay: better help for -s option 2016-01-07 18:18:15 +01:00
.gitignore Update the .gitignore files for the new manual, 2015-12-11 18:39:27 +01:00
agent-msg-filter.c server: Add support for filtering out agent file-xfer msgs (rhbz#961848) 2013-06-06 16:07:30 +02:00
agent-msg-filter.h server: Add support for filtering out agent file-xfer msgs (rhbz#961848) 2013-06-06 16:07:30 +02:00
char_device.c server: Use PRI macros in printf for 32/64 bit compatibility 2016-01-13 12:08:17 +01:00
char_device.h Add missing license headers 2015-12-11 18:41:19 +01:00
demarshallers.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
dispatcher.c server/dispatcher: add extra_dispatcher, hack for red_record 2015-08-20 17:47:24 +01:00
dispatcher.h Add missing license headers 2015-12-11 18:41:19 +01:00
glz_encode_match_tmpl.c Remove use of INLINE 2015-08-20 17:10:49 +01:00
glz_encode_tmpl.c remove wrong statement terminator from preprocessor macro 2015-08-25 16:26:49 +01:00
glz_encoder_config.h Remove use of INLINE 2015-08-20 17:10:49 +01:00
glz_encoder_dictionary_protected.h glz: WindowImageSegment lines lines_end as void* 2015-08-20 11:09:00 +01:00
glz_encoder_dictionary.c fix spelling mistakes in comments (reseting to resetting & dummym to dummy) 2015-12-11 18:39:31 +01:00
glz_encoder_dictionary.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
glz_encoder.c Remove use of INLINE 2015-08-20 17:10:49 +01:00
glz_encoder.h syntax-check: Don't use tabs for indentation 2015-12-11 18:39:49 +01:00
inputs_channel.c server/inputs_channel: Cope with NULL keyboard in release_keys() 2015-08-12 10:28:57 +02:00
inputs_channel.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
jpeg_encoder.c mjpeg and jpeg encoder: fix alignment warnings 2015-08-20 11:22:59 +01:00
jpeg_encoder.h Remove trailing whitespace from end of lines 2012-01-13 18:11:59 +02:00
lz4_encoder.c LZ4: Send the original format with the compressed data 2015-02-03 10:39:16 +01:00
lz4_encoder.h LZ4: Send the original format with the compressed data 2015-02-03 10:39:16 +01:00
main_channel.c Remove unused struct RedsOutItem 2015-08-11 17:24:36 +02:00
main_channel.h Move RedsMigSpice to main-channel.h 2015-08-11 17:24:36 +02:00
main_dispatcher.c Add missing license headers 2015-12-11 18:41:19 +01:00
main_dispatcher.h Add missing license headers 2015-12-11 18:41:19 +01:00
Makefile.am build-sys: Adjust to new spice-common spice-deps.m4 2015-12-11 18:42:18 +01:00
migration_protocol.h migration_protocol: use SPICE_MAGIC_CONST 2015-08-20 10:54:56 +01:00
mjpeg_encoder.c remove small leak in MJPEG code 2015-12-11 18:41:58 +01:00
mjpeg_encoder.h server: Remove the rate_control_is_active field from MJpegEncoder. 2015-06-29 18:04:12 +02:00
red_bitmap_utils.h improve performances comparing image pixels 2015-09-04 11:04:09 +01:00
red_channel.c red-channel: make red_client_{ref,unref} thread safe 2016-04-14 12:11:21 +02:00
red_channel.h RedChannel: remove unused BufDescriptor struct 2015-08-11 17:24:36 +02:00
red_client_cache.h Use the spice-common logging functions 2012-03-25 19:00:00 +02:00
red_client_shared_cache.h Lock the pixmap image cache for the entire fill_bits call 2015-06-29 13:21:14 +02:00
red_common.h server: remove useless includes 2015-10-02 10:13:45 +01:00
red_dispatcher.c display: Advertise preferred compression cap 2015-09-24 11:06:42 +02:00
red_dispatcher.h Adjust to new SpiceImageCompress name 2015-07-29 17:40:48 +02:00
red_memslots.c memslot: do not crash if guest provide a wrong address 2016-03-29 11:54:24 +02:00
red_memslots.h server: remove memslot unused functions 2013-10-01 16:23:59 +02:00
red_parse_qxl.c factor out red_validate_surface function to validate surface parameters 2016-07-01 14:46:11 +02:00
red_parse_qxl.h factor out red_validate_surface function to validate surface parameters 2016-07-01 14:46:11 +02:00
red_record_qxl.c server: Use '%zu' to print size_t variables 2016-01-13 12:08:17 +01:00
red_record_qxl.h server/red_{record, replay}.[ch]: introduce 2015-08-21 09:38:44 +01:00
red_replay_qxl.c server: Fix conversions between QXLPHYSICAL and pointers 2016-01-13 12:08:17 +01:00
red_replay_qxl.h server/red_{record, replay}.[ch]: introduce 2015-08-21 09:38:44 +01:00
red_time.h Add missing license headers 2015-12-11 18:41:19 +01:00
red_worker.c improve primary surface parameter checks 2016-07-01 15:27:09 +02:00
red_worker.h server: remove hardcoded RED_MAX_RENDERERS 2015-09-01 14:17:10 +01:00
reds_gl_canvas.c Remove unused SPICE_CANVAS_INTERNAL 2014-12-03 18:32:04 +01:00
reds_gl_canvas.h Remove unused SPICE_CANVAS_INTERNAL 2014-12-03 18:32:04 +01:00
reds_stream.c syntax-check: Don't use tabs for indentation 2015-12-11 18:39:49 +01:00
reds_stream.h reds-stream: add reds_stream_get_family() function 2015-01-15 18:29:36 +01:00
reds_sw_canvas.c Remove unused SPICE_CANVAS_INTERNAL 2014-12-03 18:32:04 +01:00
reds_sw_canvas.h Remove unused SPICE_CANVAS_INTERNAL 2014-12-03 18:32:04 +01:00
reds-private.h Remove spice_server_set_keepalive_timeout 2016-03-10 16:49:36 +01:00
reds.c Revert "Set TCP_KEEPINTVL when enabling TCP keepalive" 2016-04-14 17:09:22 +02:00
reds.h Move RedsMigSpice to main-channel.h 2015-08-11 17:24:36 +02:00
smartcard.c smartcard: include libcacard.h if possible 2015-12-11 18:49:10 +01:00
smartcard.h Remove spice-experimental 2015-01-15 18:34:26 +01:00
snd_worker.c pass proper type to SPICE_CONTAINEROF 2016-01-13 12:08:17 +01:00
snd_worker.h Remove unused snd_get_playback_compression() method 2015-08-11 17:24:36 +02:00
spice_bitmap_utils.c Add missing license headers 2015-12-11 18:41:19 +01:00
spice_bitmap_utils.h server: move surface_format_to_image_type to spice_bitmap_utils 2013-08-14 12:08:04 +03:00
spice_image_cache.c Add missing license headers 2015-12-11 18:41:19 +01:00
spice_image_cache.h Add missing license headers 2015-12-11 18:41:19 +01:00
spice_server_utils.h Add missing license headers 2015-12-11 18:41:19 +01:00
spice_timer_queue.c spice_timer_queue: fix access after free 2015-09-03 10:25:13 +01:00
spice_timer_queue.h server: spice_timer_queue 2013-04-22 16:30:54 -04:00
spice-audio.h Split spice.h 2014-11-27 14:27:18 +01:00
spice-char.h Split spice.h 2014-11-27 14:27:18 +01:00
spice-core.h Split spice.h 2014-11-27 14:27:18 +01:00
spice-experimental.h Add missing license headers 2015-12-11 18:41:19 +01:00
spice-input.h Split spice.h 2014-11-27 14:27:18 +01:00
spice-migration.h Move spice_server_get_num_clients() declaration 2014-11-27 15:03:38 +01:00
spice-qxl.h server: allows to set maximum monitors 2015-06-26 16:17:42 +02:00
spice-server.h Remove spice_server_set_keepalive_timeout 2016-03-10 16:49:36 +01:00
spice-server.syms Remove spice_server_set_keepalive_timeout 2016-03-10 16:49:36 +01:00
spice-version.h.in build-sys: generate spice-version.h 2014-11-27 14:27:33 +01:00
spice.h Split spice.h 2014-11-27 14:27:18 +01:00
spicevmc.c spicevmc: Drop unsent data on client disconnection 2016-01-13 12:08:17 +01:00
stat.h Remove trailing blank lines 2012-01-13 18:11:59 +02:00
zlib_encoder.c Use the spice-common logging functions 2012-03-25 19:00:00 +02:00
zlib_encoder.h applying zlib compression over glz on WAN connection 2010-06-21 15:05:37 +02:00