Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram

From:	Philippe Mathieu-Daudé
Subject:	Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram
Date:	Tue, 9 Apr 2019 15:03:13 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

This patch looks 4.0 worthwhile.

On 4/9/19 12:56 PM, BALATON Zoltan wrote:
> Fix the check preventing calling pixman functions that would access
> memory outside allocated vram. The r128 X driver sometimes seem to try
> blits that span outside vram, this check prevents crashing QEMU in
> that case. (The r128 X driver may have problems even on real hardware
> so I'm not sure if it's a client bug or emulation problem but at least
> QEMU should survive.)
> 
> Signed-off-by: BALATON Zoltan <address@hidden>
> Tested-by: Andrew Randrianasulu <address@hidden>
> ---
>  hw/display/ati_2d.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
> index bc98ba6eeb..fe3ae14864 100644
> --- a/hw/display/ati_2d.c
> +++ b/hw/display/ati_2d.c
> @@ -79,10 +79,10 @@ void ati_2d_blt(ATIVGAState *s)
>                  s->regs.dst_width, s->regs.dst_height);
>          end = s->vga.vram_ptr + s->vga.vram_size;
>          if (src_bits >= end || dst_bits >= end ||
> -            src_bits + (s->regs.src_y + s->regs.dst_height) * src_stride +
> -            s->regs.src_x >= end ||
> -            dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
> -            s->regs.dst_x >= end) {
> +            src_bits + s->regs.src_x + (s->regs.src_y + s->regs.dst_height) *
> +            src_stride * sizeof(uint32_t) >= end ||
> +            dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
> +            dst_stride * sizeof(uint32_t) >= end) {
>              qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
>              return;
>          }
> @@ -140,8 +140,8 @@ void ati_2d_blt(ATIVGAState *s)
>                  filler);
>          end = s->vga.vram_ptr + s->vga.vram_size;
>          if (dst_bits >= end ||
> -            dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
> -            s->regs.dst_x >= end) {
> +            dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
> +            dst_stride * sizeof(uint32_t) >= end) {
>              qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
>              return;
>          }
>

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram, BALATON Zoltan, 2019/04/09
- Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram, Philippe Mathieu-Daudé <=
  - Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram, BALATON Zoltan, 2019/04/14
    - Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram, BALATON Zoltan, 2019/04/25

Prev by Date: Re: [Qemu-devel] [PULL 05/15] multifd: Be flexible about packet size
Next by Date: Re: [Qemu-devel] [PATCH v3 3/3] block/stream: introduce a bottom node
Previous by thread: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram
Next by thread: Re: [Qemu-devel] [PATCH] ati-vga: Fix check for blt outside vram
Index(es):
- Date
- Thread