| commit | 8ec1415935ff4214ef9b47448ff7ac52cfa8b77e | |
| author | Gerd Hoffmann <kraxel@redhat.com> | |
| Mon, 13 Jul 2020 12:45:20 +0000 (13 14:45 +0200) | ||
| committer | Gerd Hoffmann <kraxel@redhat.com> | |
| Thu, 16 Jul 2020 08:20:12 +0000 (16 10:20 +0200) | ||
| tree | 0cc177b05ebaa1f5f028487639f51c050030e2e8 | treesnapshot (tar.gz zip) |
| parent | 8746309137ba470d1b2e8f5ce86ac228625db940 | commitdiff |
vfio: fix use-after-free in display
Calling ramfb_display_update() might replace the DisplaySurface with the
boot display, which in turn will free the currently active
DisplaySurface.
So clear our DisplaySurface pinter (dpy->region.surface pointer) to (a)
avoid use-after-free and (b) force replacing the boot display with the
real display when switching back.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 20200713124520.23266-1-kraxel@redhat.com
Calling ramfb_display_update() might replace the DisplaySurface with the
boot display, which in turn will free the currently active
DisplaySurface.
So clear our DisplaySurface pinter (dpy->region.surface pointer) to (a)
avoid use-after-free and (b) force replacing the boot display with the
real display when switching back.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Message-id: 20200713124520.23266-1-kraxel@redhat.com
| hw/vfio/display.c | diffblobblamehistory |