diff options
Diffstat (limited to 'meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch')
-rw-r--r-- | meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch deleted file mode 100644 index c49a5e9a2a..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2019-12155.patch +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | From d52680fc932efb8a2f334cc6993e705ed1e31e99 Mon Sep 17 00:00:00 2001 | ||
2 | From: Prasad J Pandit <pjp@fedoraproject.org> | ||
3 | Date: Thu, 25 Apr 2019 12:05:34 +0530 | ||
4 | Subject: [PATCH] qxl: check release info object | ||
5 | |||
6 | When releasing spice resources in release_resource() routine, | ||
7 | if release info object 'ext.info' is null, it leads to null | ||
8 | pointer dereference. Add check to avoid it. | ||
9 | |||
10 | Reported-by: Bugs SysSec <bugs-syssec@rub.de> | ||
11 | Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> | ||
12 | Message-id: 20190425063534.32747-1-ppandit@redhat.com | ||
13 | Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | CVE: CVE-2019-12155 | ||
17 | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> | ||
18 | --- | ||
19 | hw/display/qxl.c | 3 +++ | ||
20 | 1 file changed, 3 insertions(+) | ||
21 | |||
22 | diff --git a/hw/display/qxl.c b/hw/display/qxl.c | ||
23 | index c8ce5781e03..632923add23 100644 | ||
24 | --- a/hw/display/qxl.c | ||
25 | +++ b/hw/display/qxl.c | ||
26 | @@ -777,6 +777,9 @@ static void interface_release_resource(QXLInstance *sin, | ||
27 | QXLReleaseRing *ring; | ||
28 | uint64_t *item, id; | ||
29 | |||
30 | + if (!ext.info) { | ||
31 | + return; | ||
32 | + } | ||
33 | if (ext.group_id == MEMSLOT_GROUP_HOST) { | ||
34 | /* host group -> vga mode update request */ | ||
35 | QXLCommandExt *cmdext = (void *)(intptr_t)(ext.info->id); | ||