[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 7/8] ati-vga: Fix check for blt outside vram
From: |
Gerd Hoffmann |
Subject: |
[Qemu-devel] [PULL 7/8] ati-vga: Fix check for blt outside vram |
Date: |
Tue, 7 May 2019 10:19:45 +0200 |
From: BALATON Zoltan <address@hidden>
Fix the check preventing calling pixman functions that would access
memory outside allocated vram. The r128 X driver sometimes seem to try
blits that span outside vram, this check prevents crashing QEMU in
that case. (The r128 X driver may have problems even on real hardware
so I'm not sure if it's a client bug or emulation problem but at least
QEMU should survive.)
Signed-off-by: BALATON Zoltan <address@hidden>
Tested-by: Andrew Randrianasulu <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
---
hw/display/ati_2d.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
index bc98ba6eebf6..fe3ae148647b 100644
--- a/hw/display/ati_2d.c
+++ b/hw/display/ati_2d.c
@@ -79,10 +79,10 @@ void ati_2d_blt(ATIVGAState *s)
s->regs.dst_width, s->regs.dst_height);
end = s->vga.vram_ptr + s->vga.vram_size;
if (src_bits >= end || dst_bits >= end ||
- src_bits + (s->regs.src_y + s->regs.dst_height) * src_stride +
- s->regs.src_x >= end ||
- dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
- s->regs.dst_x >= end) {
+ src_bits + s->regs.src_x + (s->regs.src_y + s->regs.dst_height) *
+ src_stride * sizeof(uint32_t) >= end ||
+ dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
+ dst_stride * sizeof(uint32_t) >= end) {
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
return;
}
@@ -140,8 +140,8 @@ void ati_2d_blt(ATIVGAState *s)
filler);
end = s->vga.vram_ptr + s->vga.vram_size;
if (dst_bits >= end ||
- dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
- s->regs.dst_x >= end) {
+ dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
+ dst_stride * sizeof(uint32_t) >= end) {
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
return;
}
--
2.18.1
- [Qemu-devel] [PULL 0/8] Vga 20190507 patches, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 2/8] hw/display/cirrus_vga: Update the documentation URL, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 1/8] qxl: check release info object, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 3/8] hw/display/cirrus_vga: Remove unused include, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 8/8] i2c-ddc: move it to hw/display, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 7/8] ati-vga: Fix check for blt outside vram,
Gerd Hoffmann <=
- [Qemu-devel] [PULL 5/8] vl: add -vga help support, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 4/8] vl: constify VGAInterfaceInfo, Gerd Hoffmann, 2019/05/07
- [Qemu-devel] [PULL 6/8] qxl: avoid unaligned pointer reads/writes, Gerd Hoffmann, 2019/05/07
- Re: [Qemu-devel] [PULL 0/8] Vga 20190507 patches, Peter Maydell, 2019/05/07