RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-17 05:02:25 +00:00
Code Issues Activity Actions
serenity/Kernel/Graphics/VirtIOGPU
History
Brian Gianforcaro c0ed656c94 Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..) 
This code attempts to copy the `Protocol::Resource3DSpecification`
struct into request, starting at `Protocol::ResourceCreate3D::target`
member of the `Protocol::ResourceCreate3D` struct.

The problem is that the `Protocol::Resource3DSpecification` struct
does not having the trailing `u32 padding` that the `ResourceCreate3D`
struct has. Leading to memcopy overrunning the struct and corrupting
32 bits of data trailing the struct.

Found by SonarCloud:
 - Memory copy function overflows the destination buffer.
2022-03-14 22:30:22 +01:00
..
Console.cpp Kernel + WindowServer: Re-define the interface to framebuffer devices 2021-10-27 07:57:44 +03:00
Console.h Kernel/Graphics: Merge VirtIO GraphicsAdapter and VirtIO GPU code 2021-10-27 07:57:44 +03:00
FramebufferDevice.cpp Kernel: Implement basic VirGL device 2022-03-09 14:58:48 +03:30
FramebufferDevice.h Kernel: Add ioctl to get the EDID from a framebuffer 2022-01-23 22:45:21 +00:00
GPU3DDevice.cpp Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..) 2022-03-14 22:30:22 +01:00
GPU3DDevice.h Kernel: Sandbox each GPU3DDevice file description into own host context 2022-03-14 17:38:18 +03:30
GraphicsAdapter.cpp Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..) 2022-03-14 22:30:22 +01:00
GraphicsAdapter.h Kernel: Implement basic VirGL device 2022-03-09 14:58:48 +03:30
Protocol.h Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..) 2022-03-14 22:30:22 +01:00