Overview

File CVE-2017-13672-qemuu-fix.patch of Package xen.10697

--- sle12.orig/tools/qemu-xen-dir-remote/hw/display/vga_template.h	2018-10-09 00:00:00.000000000 +0200
+++ sle12/tools/qemu-xen-dir-remote/hw/display/vga_template.h	2018-10-09 11:59:41.775334153 +0200
@@ -352,7 +352,10 @@ static void glue(vga_draw_line15_, PIXEL
                                           uint32_t addr, int width)
 {
 #if DEPTH == 15 && defined(HOST_WORDS_BIGENDIAN) == defined(TARGET_WORDS_BIGENDIAN)
-    memcpy(d, (uint8_t *)addr, width * 2);
+    uint32_t offset = addr & vga->vbe_size_mask & ~1;
+    uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+
+    memcpy(d, ptr, width * 2);
 #else
     int w;
     uint32_t v, r, g, b;
@@ -377,7 +380,10 @@ static void glue(vga_draw_line16_, PIXEL
                                           uint32_t addr, int width)
 {
 #if DEPTH == 16 && defined(HOST_WORDS_BIGENDIAN) == defined(TARGET_WORDS_BIGENDIAN)
-    memcpy(d, (uint8_t *)addr, width * 2);
+    uint32_t offset = addr & vga->vbe_size_mask & ~1;
+    uint16_t *ptr = (uint16_t *)(vga->vram_ptr + offset);
+
+    memcpy(d, ptr, width * 2);
 #else
     int w;
     uint32_t v, r, g, b;
@@ -428,7 +434,10 @@ static void glue(vga_draw_line32_, PIXEL
                                           uint32_t addr, int width)
 {
 #if DEPTH == 32 && defined(HOST_WORDS_BIGENDIAN) == defined(TARGET_WORDS_BIGENDIAN) && !defined(BGR_FORMAT)
-    memcpy(d, (uint8_t *)addr, width * 4);
+    uint32_t offset = addr & vga->vbe_size_mask & ~3;
+    uint32_t *ptr = (uint32_t *)(vga->vram_ptr + offset);
+
+    memcpy(d, ptr, width * 4);
 #else
     int w;
     uint32_t r, g, b;
openSUSE Build Service is sponsored by
Places