[PULL,02/19] ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

From: Mauro Matteo Cascella <mcascell@redhat.com>

From: marcandre.lureau@redhat.com
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
 Markus Armbruster <armbru@redhat.com>,
 =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Philippe_M?=
	=?utf-8?q?athieu-Daud=C3=A9?= <philmd@linaro.org>,
 Beraldo Leal <bleal@redhat.com>, richard.henderson@linaro.org, =?utf-8?q?Da?=
	=?utf-8?q?niel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>,
 Gerd Hoffmann <kraxel@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>,
	=?utf-8?q?Marc-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>,
 Wainer dos Santos Moschetta <wainersm@redhat.com>,
 Thomas Huth <thuth@redhat.com>, Eric Blake <eblake@redhat.com>,
 Mauro Matteo Cascella <mcascell@redhat.com>
Subject: [PULL 02/19] ui/vnc-clipboard: fix infinite loop in inflate_buffer
 (CVE-2023-3255)
Date: Mon, 17 Jul 2023 16:45:27 +0400
Message-ID: <20230717124545.177236-3-marcandre.lureau@redhat.com>
In-Reply-To: <20230717124545.177236-1-marcandre.lureau@redhat.com>
References: <20230717124545.177236-1-marcandre.lureau@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=170.10.133.124;
 envelope-from=marcandre.lureau@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID	20230717124545.177236-3-marcandre.lureau@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: marcandre.lureau@redhat.com To: qemu-devel@nongnu.org Cc: Paolo Bonzini <pbonzini@redhat.com>, Markus Armbruster <armbru@redhat.com>, =?utf-8?q?Alex_Benn=C3=A9e?= <alex.bennee@linaro.org>, =?utf-8?q?Philippe_M?= =?utf-8?q?athieu-Daud=C3=A9?= <philmd@linaro.org>, Beraldo Leal <bleal@redhat.com>, richard.henderson@linaro.org, =?utf-8?q?Da?= =?utf-8?q?niel_P=2E_Berrang=C3=A9?= <berrange@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>, "Michael S. Tsirkin" <mst@redhat.com>, =?utf-8?q?Marc-Andr=C3=A9_Lureau?= <marcandre.lureau@redhat.com>, Wainer dos Santos Moschetta <wainersm@redhat.com>, Thomas Huth <thuth@redhat.com>, Eric Blake <eblake@redhat.com>, Mauro Matteo Cascella <mcascell@redhat.com> Subject: [PULL 02/19] ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) Date: Mon, 17 Jul 2023 16:45:27 +0400 Message-ID: <20230717124545.177236-3-marcandre.lureau@redhat.com> In-Reply-To: <20230717124545.177236-1-marcandre.lureau@redhat.com> References: <20230717124545.177236-1-marcandre.lureau@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=170.10.133.124; envelope-from=marcandre.lureau@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Series	[PULL,01/19] virtio-gpu: fix potential divide-by-zero regression \| expand [PULL,01/19] virtio-gpu: fix potential divide-by-zero regression [PULL,02/19] ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255) [PULL,03/19] ui/gtk: Make sure the right EGL context is currently bound [PULL,04/19] virtio-gpu: replace the surface with null surface when resetting [PULL,05/19] virtio-gpu-udmabuf: correct naming of QemuDmaBuf size properties [PULL,06/19] ui/gtk: set scanout-mode right before scheduling draw [PULL,07/19] ui/gtk: skip refresh if new dmabuf has been submitted [PULL,08/19] libvirt-ci: update submodule to cover pipewire [PULL,09/19] tests/lcitool: add pipewire [PULL,10/19] audio/pw: Pipewire->PipeWire case fix for user-visible text [PULL,11/19] audio/pw: drop needless case statement [PULL,12/19] audio/pw: needless check for NULL [PULL,13/19] audio/pw: trace during init before calling pipewire API [PULL,14/19] audio/pw: add more details on error [PULL,15/19] audio/pw: factorize some common code [PULL,16/19] audio/pw: add more error reporting [PULL,17/19] audio/pw: simplify error reporting in stream creation [PULL,18/19] audio/pw: remove wrong comment [PULL,19/19] audio/pw: improve channel position code

[PULL,02/19] ui/vnc-clipboard: fix infinite loop in inflate_buffer (CVE-2023-3255)

Commit Message

Patch