ati: use vga_read_byte in ati_cursor_define
This makes sure reads are confined to vga video memory. v3: use uint32_t, fix cut+paste bug. v2: fix ati_cursor_draw_line too. Reported-by: xu hang <flier_m@outlook.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20190917111441.27405-3-kraxel@redhat.com
This commit is contained in:
parent
145e543eb3
commit
aab0e2a661
@ -19,6 +19,7 @@
|
||||
#include "qemu/osdep.h"
|
||||
#include "ati_int.h"
|
||||
#include "ati_regs.h"
|
||||
#include "vga-access.h"
|
||||
#include "hw/qdev-properties.h"
|
||||
#include "vga_regs.h"
|
||||
#include "qemu/log.h"
|
||||
@ -135,19 +136,19 @@ static void ati_vga_switch_mode(ATIVGAState *s)
|
||||
static void ati_cursor_define(ATIVGAState *s)
|
||||
{
|
||||
uint8_t data[1024];
|
||||
uint8_t *src;
|
||||
uint32_t srcoff;
|
||||
int i, j, idx = 0;
|
||||
|
||||
if ((s->regs.cur_offset & BIT(31)) || s->cursor_guest_mode) {
|
||||
return; /* Do not update cursor if locked or rendered by guest */
|
||||
}
|
||||
/* FIXME handle cur_hv_offs correctly */
|
||||
src = s->vga.vram_ptr + s->regs.cur_offset -
|
||||
(s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
|
||||
srcoff = s->regs.cur_offset -
|
||||
(s->regs.cur_hv_offs >> 16) - (s->regs.cur_hv_offs & 0xffff) * 16;
|
||||
for (i = 0; i < 64; i++) {
|
||||
for (j = 0; j < 8; j++, idx++) {
|
||||
data[idx] = src[i * 16 + j];
|
||||
data[512 + idx] = src[i * 16 + j + 8];
|
||||
data[idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j);
|
||||
data[512 + idx] = vga_read_byte(&s->vga, srcoff + i * 16 + j + 8);
|
||||
}
|
||||
}
|
||||
if (!s->cursor) {
|
||||
@ -189,7 +190,7 @@ static void ati_cursor_invalidate(VGACommonState *vga)
|
||||
static void ati_cursor_draw_line(VGACommonState *vga, uint8_t *d, int scr_y)
|
||||
{
|
||||
ATIVGAState *s = container_of(vga, ATIVGAState, vga);
|
||||
uint8_t *src;
|
||||
uint32_t srcoff;
|
||||
uint32_t *dp = (uint32_t *)d;
|
||||
int i, j, h;
|
||||
|
||||
@ -199,13 +200,13 @@ static void ati_cursor_draw_line(VGACommonState *vga, uint8_t *d, int scr_y)
|
||||
return;
|
||||
}
|
||||
/* FIXME handle cur_hv_offs correctly */
|
||||
src = s->vga.vram_ptr + s->cursor_offset + (scr_y - vga->hw_cursor_y) * 16;
|
||||
srcoff = s->cursor_offset + (scr_y - vga->hw_cursor_y) * 16;
|
||||
dp = &dp[vga->hw_cursor_x];
|
||||
h = ((s->regs.crtc_h_total_disp >> 16) + 1) * 8;
|
||||
for (i = 0; i < 8; i++) {
|
||||
uint32_t color;
|
||||
uint8_t abits = src[i];
|
||||
uint8_t xbits = src[i + 8];
|
||||
uint8_t abits = vga_read_byte(vga, srcoff + i);
|
||||
uint8_t xbits = vga_read_byte(vga, srcoff + i + 8);
|
||||
for (j = 0; j < 8; j++, abits <<= 1, xbits <<= 1) {
|
||||
if (abits & BIT(7)) {
|
||||
if (xbits & BIT(7)) {
|
||||
|
Loading…
Reference in New Issue
Block a user