rpms/kvm/F-10 kvm-cirrus-boundary-check.patch, NONE, 1.1 kvm.spec, 1.75, 1.76

Thu Dec 4 23:40:30 UTC 2008

Author: glommer

Update of /cvs/pkgs/rpms/kvm/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9655

Modified Files:
	kvm.spec 
Added Files:
	kvm-cirrus-boundary-check.patch 
Log Message:

Fixed bug that corrupted gnome-panel #474703



kvm-cirrus-boundary-check.patch:

--- NEW FILE kvm-cirrus-boundary-check.patch ---
>From e8d87ad8a6144122e7721a6dbd3db4ff01ab1b19 Mon Sep 17 00:00:00 2001
From: Glauber Costa <glommer at redhat.com>
Date: Thu, 4 Dec 2008 16:30:30 -0500
Subject: [PATCH] do boundary check based on absolute value

For backward operations, dstpitch and srcpitch can
be negative. This leads BLTUNSAFE macro into an
overflow, and as a result, it avoids performing
operations that are perfectly valid.

The visible effect that led to that patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.

After this patch, this garbage is gone.

Signed-off-by: Glauber Costa <glommer at redhat.com>
---
 hw/cirrus_vga.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

Index: kvm-65/qemu/hw/cirrus_vga.c
===================================================================
--- kvm-65.orig/qemu/hw/cirrus_vga.c
+++ kvm-65/qemu/hw/cirrus_vga.c
@@ -224,15 +224,17 @@
 #define CIRRUS_HOOK_NOT_HANDLED 0
 #define CIRRUS_HOOK_HANDLED 1
 
+#define ABS(a) ((signed)(a) > 0 ? a : -a)
+
 #define BLTUNSAFE(s) \
     ( \
         ( /* check dst is within bounds */ \
-            (s)->cirrus_blt_height * (s)->cirrus_blt_dstpitch \
+            (s)->cirrus_blt_height * ABS((s)->cirrus_blt_dstpitch) \
                 + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
                     (s)->vram_size \
         ) || \
         ( /* check src is within bounds */ \
-            (s)->cirrus_blt_height * (s)->cirrus_blt_srcpitch \
+            (s)->cirrus_blt_height * ABS((s)->cirrus_blt_srcpitch) \
                 + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
                     (s)->vram_size \
         ) \


Index: kvm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kvm/F-10/kvm.spec,v
retrieving revision 1.75
retrieving revision 1.76
diff -u -r1.75 -r1.76
--- kvm.spec	2 Dec 2008 15:57:02 -0000	1.75
+++ kvm.spec	4 Dec 2008 23:39:59 -0000	1.76
@@ -1,7 +1,7 @@
 Summary: Kernel-based Virtual Machine
 Name: kvm
 Version: 74
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Development/Tools
 URL: http://%{name}.sf.net
@@ -16,6 +16,7 @@
 Patch5: %{name}-cirrus-cve-2008-4539.patch
 Patch6: %{name}-restore-option-rom.patch
 Patch7: %{name}-int13.patch
+Patch8: %{name}-cirrus-boundary-check.patch
 # patches from upstream qemu
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel
@@ -144,6 +145,9 @@
 %{_sysconfdir}/sysconfig/modules/%{name}.modules
 
 %changelog
+* Thu Dec 04 2008 Glauber Costa <glommer at redhat.com> - 74-9
+- Fixed bug that corrupted gnome-panel #474703
+
 * Tue Dec 02 2008 Glauber Costa <glommer at redhat.com> - 74-8
 - Properly set flags for interrupt return #474059
 


