vmsvga: don't process more than 1024 fifo commands at once
author Gerd Hoffmann <kraxel@redhat.com>
Mon, 30 May 2016 07:09:21 +0000 (09:09 +0200)
committer Gerd Hoffmann <kraxel@redhat.com>
Mon, 6 Jun 2016 07:04:29 +0000 (09:04 +0200)
commit 4e68a0ee17dad7b8d870df0081d4ab2e079016c2
tree 0e6f8c5fd9b1fc3bb5f317e5ccf94f297862830d
parent 7e486f7577764a07aa35588e119903c80a5c30a2
vmsvga: don't process more than 1024 fifo commands at once

vmsvga_fifo_run is called in regular intervals (on each display update)
and will resume where it left off.  So we can simply exit the loop,
without having to worry about how processing will continue.

Fixes: CVE-2016-4453
Cc: qemu-stable@nongnu.org
Cc: P J P <ppandit@redhat.com>
Reported-by: 李强 <liqiang6-s@360.cn>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-id: 1464592161-18348-5-git-send-email-kraxel@redhat.com
hw/display/vmware_vga.c
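
The pattern the commit message describes, as an added example (a simplified model, not QEMU's code and not part of this commit): a consumer that handles at most 1024 commands per call and keeps its cursor in the FIFO, so the next periodic call resumes where the previous one stopped. The struct layout, function names and ring size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define FIFO_SLOTS 4096u         /* constructed ring size (assumption) */
#define MAX_CMDS_PER_RUN 1024u   /* per-call budget named in the commit subject */

/* Hypothetical model: 'next' is the consumer cursor, 'stop' the producer cursor. */
struct fifo {
    uint32_t slot[FIFO_SLOTS];
    uint32_t next;   /* lives in the FIFO state, so it survives between calls */
    uint32_t stop;
};

static int fifo_empty(const struct fifo *f) { return f->next == f->stop; }

/* Producer side (the guest, in the page's setting): enqueue up to n commands. */
unsigned fifo_push(struct fifo *f, uint32_t cmd, unsigned n) {
    unsigned done = 0;
    while (done < n && (f->stop + 1) % FIFO_SLOTS != f->next) {
        f->slot[f->stop] = cmd;
        f->stop = (f->stop + 1) % FIFO_SLOTS;
        done++;
    }
    return done;
}

/* Consumer: stop after MAX_CMDS_PER_RUN commands even if more are queued.
 * Without the second condition, the loop runs for as long as the producer
 * keeps the FIFO non-empty, and the caller never gets control back. */
unsigned fifo_run(struct fifo *f) {
    unsigned n = 0;
    while (!fifo_empty(f) && n < MAX_CMDS_PER_RUN) {
        (void)f->slot[f->next];             /* a device would dispatch here */
        f->next = (f->next + 1) % FIFO_SLOTS;
        n++;
    }
    return n;
}

/* Stand-in for the periodic caller: count the calls needed to drain the FIFO. */
unsigned ticks_to_drain(struct fifo *f) {
    unsigned ticks = 0;
    while (!fifo_empty(f)) { fifo_run(f); ticks++; }
    return ticks;
}

int main(void) {
    static struct fifo f;                   /* zero-initialised */
    fifo_push(&f, 1u, 3000);
    printf("calls needed for 3000 commands: %u\n", ticks_to_drain(&f));
    return 0;
}
```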