rpms/kvm/F-9 kvm-cirrus-boundary-check.patch, NONE, 1.1 kvm.spec, 1.63, 1.64

Thu Dec 4 23:41:14 UTC 2008

Author: glommer

Update of /cvs/pkgs/rpms/kvm/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9759

Modified Files:
	kvm.spec 
Added Files:
	kvm-cirrus-boundary-check.patch 
Log Message:
Fixed bug that corrupted gnome-panel #474702



kvm-cirrus-boundary-check.patch:

--- NEW FILE kvm-cirrus-boundary-check.patch ---
>From e8d87ad8a6144122e7721a6dbd3db4ff01ab1b19 Mon Sep 17 00:00:00 2001
From: Glauber Costa <glommer at redhat.com>
Date: Thu, 4 Dec 2008 16:30:30 -0500
Subject: [PATCH] do boundary check based on absolute value

For backward operations, dstpitch and srcpitch can
be negative. This leads BLTUNSAFE macro into an
overflow, and as a result, it avoids performing
operations that are perfectly valid.

The visible effect that led to that patch was the gnome-panel
bar in Fedora10. Before this patch, you could see garbage
clobbering a big portion of the bar.

After this patch, this garbage is gone.

Signed-off-by: Glauber Costa <glommer at redhat.com>
---
 hw/cirrus_vga.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

Index: kvm-65/qemu/hw/cirrus_vga.c
===================================================================
--- kvm-65.orig/qemu/hw/cirrus_vga.c
+++ kvm-65/qemu/hw/cirrus_vga.c
@@ -224,15 +224,17 @@
 #define CIRRUS_HOOK_NOT_HANDLED 0
 #define CIRRUS_HOOK_HANDLED 1
 
+#define ABS(a) ((signed)(a) > 0 ? a : -a)
+
 #define BLTUNSAFE(s) \
     ( \
         ( /* check dst is within bounds */ \
-            (s)->cirrus_blt_height * (s)->cirrus_blt_dstpitch \
+            (s)->cirrus_blt_height * ABS((s)->cirrus_blt_dstpitch) \
                 + ((s)->cirrus_blt_dstaddr & (s)->cirrus_addr_mask) > \
                     (s)->vram_size \
         ) || \
         ( /* check src is within bounds */ \
-            (s)->cirrus_blt_height * (s)->cirrus_blt_srcpitch \
+            (s)->cirrus_blt_height * ABS((s)->cirrus_blt_srcpitch) \
                 + ((s)->cirrus_blt_srcaddr & (s)->cirrus_addr_mask) > \
                     (s)->vram_size \
         ) \


Index: kvm.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kvm/F-9/kvm.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- kvm.spec	2 Dec 2008 14:23:22 -0000	1.63
+++ kvm.spec	4 Dec 2008 23:40:44 -0000	1.64
@@ -1,7 +1,7 @@
 Summary: Kernel-based Virtual Machine
 Name: kvm
 Version: 65
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: Development/Tools
 URL: http://%{name}.sf.net
@@ -21,6 +21,7 @@
 Patch11: %{name}-sysenter32.patch
 Patch12: %{name}-cirrus-cve-2008-4539.patch
 Patch13: %{name}-int13.patch
+Patch14: %{name}-cirrus-boundary-check.patch
 # patches from upstream qemu
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: SDL-devel
@@ -63,6 +64,7 @@
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
+%patch14 -p1
 
 %build
 # we need to install the data bits in a different path
@@ -117,6 +119,9 @@
 %{_sysconfdir}/sysconfig/modules/%{name}.modules
 
 %changelog
+* Thu Dec 04 2008 Glauber Costa <gcosta at redhat.com> - 65-14.fc9
+- Fixed bug that corrupted gnome-panel #474702
+
 * Tue Dec 02 2008 Glauber Costa <gcosta at redhat.com> - 65-12.fc9
 - Properly set flags for interrupt return #464304
 


