virtio-gpu: fix information leak in getting capset info dispatch

In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't been full initialized before writing to the guest. This will leak the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This patch fix this issue. Signed-off-by: N Li Qiang <liqiang6-s@360.cn> Message-id: 5818661e.0860240a.77264.7a56@mx.google.com Reviewed-by: N Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: N Gerd Hoffmann <kraxel@redhat.com>

virtio-gpu: fix information leak in getting capset info dispatch
In virgl_cmd_get_capset_info dispatch function, the 'resp' hasn't been full initialized before writing to the guest. This will leak the 'resp.padding' and 'resp.hdr.padding' fieds to the guest. This patch fix this issue. Signed-off-by: N Li Qiang <liqiang6-s@360.cn> Message-id: 5818661e.0860240a.77264.7a56@mx.google.com Reviewed-by: N Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: N Gerd Hoffmann <kraxel@redhat.com>
42a8dadc · Li Qiang · Gerd Hoffmann · 6c756502 · 42a8dadc
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

hw/display/virtio-gpu-3d.c hw/display/virtio-gpu-3d.c +1 -0

未找到文件。
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -347,6 +347,7 @@ static void virgl_cmd_get_capset_info(VirtIOGPU *g,

    VIRTIO_GPU_FILL_CMD(info);

+    memset(&resp, 0, sizeof(resp));
    if (info.capset_index == 0) {
        resp.capset_id = VIRTIO_GPU_CAPSET_VIRGL;
        virgl_renderer_get_cap_set(resp.capset_id,