On 01/25/17 08:18, Gerd Hoffmann wrote: > Hi, > >>> The negative pitch means (I think) that "addr" points to the lower >>> left corner of the rectangle. >>> >>> The second part guarantees that the last blitted byte fits (lower >>> right corner). >> >> To which Gerd responded "upper left". In retrospect I don't understand >> why we didn't discuss that question further, as it now seems that we >> were both wrong -- "addr" stands for bottom right, in the negative pitch >> case. > > /me looks at d3532a0db02296e687711b8cdc7791924efccea0 and I can't > remember I wrote that code :-o
Haha, happens to me too :) > And I can't remember the discussion either. > > The good thing is I probably looked more careful at the code because of > that ... > >> Unfortunately, the original patch was meant to address the >> then-embargoed CVE-2014-8106. Since we have a bug in that code (= a >> security fix), this issue should have been reported privately as well, > > It has been reported privately first. I've actually suggested to send > it to the public list without embargo, given that we are moving away > from cirrus so this is less critical than it used to be two years ago. > Cirrus isn't the default display adapter any more in qemu, since years, > and management apps (virt-manager, ovirt, ...) are following. Ah, I see -- a CVE is justified, but an embargo: likely not. Makes sense. Thanks! Laszlo
