38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
From 71ee39ea06cbcbd1971213aa1f3a9036c50b6a57 Mon Sep 17 00:00:00 2001
|
|
From: Li Qiang <liqiang6-s@360.cn>
|
|
Date: Tue, 1 Nov 2016 02:53:11 -0700
|
|
Subject: [PATCH 02/12] virtio-gpu: fix information leak in getting capset info
|
|
dispatch
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't
|
|
been full initialized before writing to the guest. This will leak
|
|
the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This
|
|
patch fix this issue.
|
|
|
|
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
|
|
Message-id: 5818661e.0860240a.77264.7a56@mx.google.com
|
|
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
---
|
|
hw/display/virtio-gpu-3d.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
|
|
index 758d33a..23f39de 100644
|
|
--- a/hw/display/virtio-gpu-3d.c
|
|
+++ b/hw/display/virtio-gpu-3d.c
|
|
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,
|
|
|
|
VIRTIO_GPU_FILL_CMD(info);
|
|
|
|
+ memset(&resp, 0, sizeof(resp));
|
|
if (info.capset_index == 0) {
|
|
resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
|
|
virgl_renderer_get_cap_set(resp.capset_id,
|
|
--
|
|
2.1.4
|
|
|