From a99239d0d19353c7426f0d9288a1ca0826a76149 Mon Sep 17 00:00:00 2001
From: liuhaipeng 00050065
Date: Mon, 15 Jan 2024 10:44:26 +0800
Subject: [PATCH] Fixed the early version of CVE-2022-4144 patch is not fully adapted
The https://gitee.com/openeuler/qemu/pulls/394 patch is used to fix CVE-2022-4144. The QEMU version is as follows: 6. 2. The patch is installed normally. When the patch is deployed to version 4.1.0, the OpenEuler patch is not fully adapted. The qxl_phys2virt function prototype is defined in the hw/display/qxl.c file. void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id, size_t size);
Signed-off-by: liuhaipeng 00050065
---
hw/display/qxl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index 5a923d30de6..3442e66dcdc 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -674,7 +674,8 @@ static int interface_get_command(QXLInstance *sin, struct QXLCommandExt *ext)
 *
 * https://cgit.freedesktop.org/spice/win32/qxl-wddm-dod/commit/?id=f6e099db39e7d0787f294d5fd0dce328b5210faa
 */
- void *msg = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+ void *msg = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
+ sizeof(void));
 if (msg != NULL && (
 msg < (void *)qxl->vga.vram_ptr ||
 msg > ((void *)qxl->vga.vram_ptr + qxl->vga.vram_size))) {
--
Gitee
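Review bot: `sizeof(void)` on the second added line is a GNU extension that evaluates to 1, so the size passed to qxl_phys2virt() only asks it to validate the first byte at `ext->cmd.data` rather than a whole command structure. That is defensible here only because the visible lines just range-compare `msg` against the VRAM window and never dereference it; any later dereference of `msg` (interface_get_command's body continues past the hunk) would not be covered by this bounds check and would need the real object size. The intent should be stated so a future reader does not widen the use of `msg` without widening the size, e.g. `/* 1 byte: msg is only range-checked below, never dereferenced here */`. Spelling the length as `1` instead of `sizeof(void)` also keeps the line standard C rather than relying on the extension.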