From: Michael Roth
Subject: [Qemu-devel] [PATCH 46/88] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect
Date: Thu, 8 Jan 2015 11:33:50 -0600

From: Gerd Hoffmann <address@hidden>
Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.
Cc: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Don Koch <address@hidden>
(cherry picked from commit bd9ccd8517e83b7c33a9167815dbfffb30d70b13)
Signed-off-by: Michael Roth <address@hidden>
---
hw/display/vmware_vga.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index c2e0a43..d44e3e8 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -30,9 +30,7 @@
#undef VERBOSE
#define HW_RECT_ACCEL
-#if 0
#define HW_FILL_ACCEL
-#endif
#define HW_MOUSE_ACCEL
#include "vga_int.h"
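Review bot: with the `#if 0` / `#endif` pair removed, `#define HW_FILL_ACCEL` is unconditional again and nothing at the define records why that is acceptable. The commit message ties the re-enable to the new verification in vmsvga_fill_rect; a one-line comment next to the define saying the fill path depends on vmsvga_verify_rect would keep a later change from dropping the check while leaving the accelerated path on.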
@@ -444,7 +442,7 @@ static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
#endif
#ifdef HW_FILL_ACCEL
-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
+static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
uint32_t c, int x, int y, int w, int h)
{
DisplaySurface *surface = qemu_console_surface(s->vga.con);
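Review bot: the return type of vmsvga_fill_rect changes from void to int, but the return contract is not documented at the definition. The later hunks show 0 on success and -1 when the rectangle fails verification; a short comment above the function stating that, and that the caller must treat non-zero as a rejected command, would make the convention explicit. It matches the `int` return of vmsvga_copy_rect visible in the hunk header, which is good for consistency.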
@@ -457,6 +455,10 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s
*s,
uint8_t *src;
uint8_t col[4];
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
+ return -1;
+ }
+
col[0] = c;
col[1] = c >> 8;
col[2] = c >> 16;
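Review bot: the `vmsvga_verify_rect(surface, __func__, x, y, w, h)` check is placed after the block of local declarations, and the declarations above `uint8_t *src;` are not part of this hunk. Please confirm that none of those initializers derive a size or pointer from the guest-supplied x, y, w or h before the check runs; if any do, move that computation below the `return -1;` so that nothing is calculated from unverified values.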
@@ -481,6 +483,7 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s
*s,
}
vmsvga_update_rect_delayed(s, x, y, w, h);
+ return 0;
}
#endif
@@ -613,12 +616,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
width = vmsvga_fifo_read(s);
height = vmsvga_fifo_read(s);
#ifdef HW_FILL_ACCEL
- vmsvga_fill_rect(s, colour, x, y, width, height);
- break;
-#else
+ if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
+ break;
+ }
+#endif
args = 0;
goto badcmd;
-#endif
case SVGA_CMD_RECT_COPY:
len -= 7;
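Review bot: in the SVGA_CMD_RECT_FILL case the error handling now relies on falling out of the `#ifdef HW_FILL_ACCEL` block into the shared `args = 0; goto badcmd;` lines, which is easy to misread because the `#endif` moved above them. A comment such as "verification failed or fill acceleration disabled" before `args = 0;` would make it clear that both the rejected-rectangle path and the not-compiled-in path end at badcmd. It is also worth stating whether a rectangle that fails verification should be reported the same way as an unsupported command, since the two cases are now indistinguishable at this point.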
--
1.9.1