[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] cirrus_vga: fix off-by-one in blit_region_is
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PATCH v2] cirrus_vga: fix off-by-one in blit_region_is_unsafe |
Date: |
Tue, 16 Feb 2016 14:30:46 +0100 |
On Mi, 2016-02-10 at 17:17 +0100, Paolo Bonzini wrote:
> The "max" value is being compared with >=, but addr + width points to
> the first byte that will _not_ be copied. Laszlo suggested using a
> "greater than" comparison, instead of subtracting one like it is
> already done above for the height, so that max remains always
> positive.
>
> The mistake is "safe"---it will reject some blits, but will never
> cause
> out-of-bounds writes.
added to vga queue.
thanks,
Gerd