
[qemu-xen staging] vfio: fix use-after-free in display



commit 8ec1415935ff4214ef9b47448ff7ac52cfa8b77e
Author:     Gerd Hoffmann <kraxel@xxxxxxxxxx>
AuthorDate: Mon Jul 13 14:45:20 2020 +0200
Commit:     Gerd Hoffmann <kraxel@xxxxxxxxxx>
CommitDate: Thu Jul 16 10:20:12 2020 +0200

    vfio: fix use-after-free in display
    
    Calling ramfb_display_update() might replace the DisplaySurface with the
    boot display, which in turn will free the currently active
    DisplaySurface.
    
    So clear our DisplaySurface pointer (dpy->region.surface pointer) to (a)
    avoid use-after-free and (b) force replacing the boot display with the
    real display when switching back.
    
    Signed-off-by: Gerd Hoffmann <kraxel@xxxxxxxxxx>
    Reviewed-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
    Acked-by: Alex Williamson <alex.williamson@xxxxxxxxxx>
    Message-id: 20200713124520.23266-1-kraxel@xxxxxxxxxx
---
 hw/vfio/display.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/vfio/display.c b/hw/vfio/display.c
index a57a22674d..342054193b 100644
--- a/hw/vfio/display.c
+++ b/hw/vfio/display.c
@@ -405,6 +405,7 @@ static void vfio_display_region_update(void *opaque)
     if (!plane.drm_format || !plane.size) {
         if (dpy->ramfb) {
             ramfb_display_update(dpy->con, dpy->ramfb);
+            dpy->region.surface = NULL;
         }
         return;
     }
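Review bot: the one-line fix encodes a non-obvious ownership rule (ramfb_display_update() replaces and frees the surface that dpy->region.surface still references), so the assignment deserves a short comment at the `dpy->region.surface = NULL;` line stating that the old surface is gone and the pointer is cleared both to avoid a dangling reference and to force a fresh surface on the next region update. The hunk only shows the ramfb branch of vfio_display_region_update(); it would help the review to confirm that every other reader of dpy->region.surface in this file tolerates NULL, since after this change a NULL surface is now an expected state rather than only the initial one.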
--
generated by git-patchbot for /home/xen/git/qemu-xen.git#staging