ati-vga: Fix check for blt outside vram
Fix the check preventing calling pixman functions that would access memory outside allocated vram. The r128 X driver sometimes seem to try blits that span outside vram, this check prevents crashing QEMU in that case. (The r128 X driver may have problems even on real hardware so I'm not sure if it's a client bug or emulation problem but at least QEMU should survive.) Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu> Tested-by: Andrew Randrianasulu <randrianasulu@gmail.com> Message-Id: <20190409110732.5C5FF7465DB@zero.eik.bme.hu> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
BALATON Zoltan
Gerd Hoffmann
parent
94932c95c1
commit
349ebdd76d
@ -79,10 +79,10 @@ void ati_2d_blt(ATIVGAState *s)
|
||||
s->regs.dst_width, s->regs.dst_height);
|
||||
end = s->vga.vram_ptr + s->vga.vram_size;
|
||||
if (src_bits >= end || dst_bits >= end ||
|
||||
src_bits + (s->regs.src_y + s->regs.dst_height) * src_stride +
|
||||
s->regs.src_x >= end ||
|
||||
dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
|
||||
s->regs.dst_x >= end) {
|
||||
src_bits + s->regs.src_x + (s->regs.src_y + s->regs.dst_height) *
|
||||
src_stride * sizeof(uint32_t) >= end ||
|
||||
dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
|
||||
dst_stride * sizeof(uint32_t) >= end) {
|
||||
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
|
||||
return;
|
||||
}
|
||||
@ -140,8 +140,8 @@ void ati_2d_blt(ATIVGAState *s)
|
||||
filler);
|
||||
end = s->vga.vram_ptr + s->vga.vram_size;
|
||||
if (dst_bits >= end ||
|
||||
dst_bits + (s->regs.dst_y + s->regs.dst_height) * dst_stride +
|
||||
s->regs.dst_x >= end) {
|
||||
dst_bits + s->regs.dst_x + (s->regs.dst_y + s->regs.dst_height) *
|
||||
dst_stride * sizeof(uint32_t) >= end) {
|
||||
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
|
||||
return;
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user