Aurelien Jarno 92d675d1c1 cirrus_vga: fix division by 0 for color expansion rop
Commit d85d0d3883 introduces a regression
with Windows ME that leads to a division by 0 and a crash.

It uses the color expansion rop with the source pitch set to 0. This is
something allowed, as the manual explicitly says "When the source of
color-expand data is display memory, the source pitch is ignored.".

This patch fixes this regression by computing sx, sy and other
variables only if they are going to be used later, that is for a plain
copy ROP. It basically consists in moving code.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-01-04 21:58:24 +01:00
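The pitch-0 case described in the commit message above, as an added example that is not QEMU's cirrus_vga code: a constructed model of an 8 bits-per-pixel blitter in which the source coordinates sx and sy are derived from the source pitch only on the plain-copy path. A color-expand request with src_pitch set to 0 (which the manual allows, since the pitch is ignored for that ROP) is therefore served without any division, while a plain copy with src_pitch 0 is rejected instead of dividing by zero. The struct, its field names, the MAX_DIM cap, the packed 1bpp mask layout and the sample VRAM contents are all assumptions of this example, not details of the real device or the real patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model, not QEMU's cirrus_vga code. Framebuffer is 8bpp, so
 * widths and pitches are in bytes. MAX_DIM is an arbitrary sanity cap that
 * keeps every size computation below comfortably inside 64 bits. */
#define MAX_DIM 0x10000u

enum blt_rop { ROP_COPY, ROP_COLOR_EXPAND };

struct blt_params {
    enum blt_rop rop;
    uint32_t src_addr;   /* byte offset of the source rectangle (copy) or of the 1bpp mask (expand) */
    uint32_t dst_addr;   /* byte offset of the destination rectangle */
    uint32_t src_pitch;  /* bytes per source row; a guest may legitimately set 0 for color expand */
    uint32_t dst_pitch;  /* bytes per destination row */
    uint32_t width;      /* pixels per row */
    uint32_t height;     /* rows */
    uint8_t fg, bg;      /* colours selected by each mask bit during color expand */
};

/* Returns 0 on success, -1 if the request is rejected. src_pitch is only
 * read, and only used as a divisor, on the plain-copy path. */
int blit(const struct blt_params *p, uint8_t *vram, size_t vram_len)
{
    if (p->width == 0 || p->height == 0 ||
        p->width > MAX_DIM || p->height > MAX_DIM ||
        p->dst_pitch > MAX_DIM || p->src_pitch > MAX_DIM ||
        p->dst_pitch < p->width)
        return -1;
    uint64_t dst_end = (uint64_t)p->dst_addr
                     + (uint64_t)(p->height - 1) * p->dst_pitch + p->width;
    if (dst_end > vram_len)
        return -1;

    if (p->rop == ROP_COLOR_EXPAND) {
        /* Source pitch is ignored here: the mask is packed one bit per pixel,
         * MSB first, with rows stored back to back. No division by src_pitch. */
        uint64_t mask_row = ((uint64_t)p->width + 7) / 8;
        if ((uint64_t)p->src_addr + mask_row * p->height > vram_len)
            return -1;
        for (uint32_t y = 0; y < p->height; y++) {
            const uint8_t *m = vram + p->src_addr + (size_t)y * mask_row;
            uint8_t *d = vram + p->dst_addr + (size_t)y * p->dst_pitch;
            for (uint32_t x = 0; x < p->width; x++)
                d[x] = ((m[x / 8] >> (7 - x % 8)) & 1) ? p->fg : p->bg;
        }
        return 0;
    }

    /* Plain copy: the only ROP that derives sx/sy from the pitch, so the
     * pitch is validated and the division performed only on this path. */
    if (p->src_pitch == 0 || p->src_pitch < p->width)
        return -1;
    uint32_t sx = p->src_addr % p->src_pitch;
    uint32_t sy = p->src_addr / p->src_pitch;
    if ((uint64_t)sx + p->width > p->src_pitch)    /* a source row must not wrap */
        return -1;
    uint64_t src_end = ((uint64_t)sy + p->height - 1) * p->src_pitch + sx + p->width;
    if (src_end > vram_len)
        return -1;
    for (uint32_t y = 0; y < p->height; y++) {
        const uint8_t *s = vram + (size_t)(sy + y) * p->src_pitch + sx;
        uint8_t *d = vram + p->dst_addr + (size_t)y * p->dst_pitch;
        memmove(d, s, p->width);                   /* memmove: rectangles may overlap */
    }
    return 0;
}

/* Stand-alone run of the scenario from the commit message: a color expand
 * with src_pitch 0 must succeed; the same pitch on a plain copy is rejected. */
int main(void)
{
    uint8_t vram[4096];                            /* constructed sample VRAM */
    memset(vram, 0, sizeof vram);
    vram[0] = 0xA5;                                /* mask row 1010 0101 */
    struct blt_params ex = { ROP_COLOR_EXPAND, 0, 256, 0, 64, 8, 1, 0x0F, 0xF0 };
    struct blt_params cp = { ROP_COPY, 256, 512, 0, 64, 8, 1, 0, 0 };
    if (blit(&ex, vram, sizeof vram) != 0) return 1;
    if (blit(&cp, vram, sizeof vram) != -1) return 1;
    return 0;
}
```

The structural point is the one the patch makes: a value that is only meaningful for one ROP must be computed, and validated, only on that ROP's path. Guest-controlled registers such as a pitch are untrusted input to the emulator, and a shared prologue that divides by them before the ROP is dispatched turns a documented "ignored" value into a crash of the whole VM.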
audio noaudio: correctly account acquired samples 2011-01-04 03:53:47 +03:00
block Add proper -errno error return values to qcow2_open() 2010-12-17 16:15:04 +01:00
bsd-user Add new user mode option -ignore-environment 2010-10-05 13:53:55 -05:00
darwin-user darwin-user: Use GCC_FMT_ATTR (format checking) 2010-12-04 20:51:19 +00:00
default-configs config: add ahci for pci capable machines 2010-12-17 16:11:02 +01:00
docs docs: Fix missing carets in QED specification 2010-12-17 17:05:06 +01:00
fpu target-arm: Implement correct NaN propagation rules 2011-01-02 23:59:03 +01:00
fsdev [virtio-9p] Qemu 9p commandline options validity checks 2010-10-20 12:10:58 -05:00
gdb-xml
hw cirrus_vga: fix division by 0 for color expansion rop 2011-01-04 21:58:24 +01:00
linux-user softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
net Add support for OpenBSD to QEMU's tap driver. 2010-12-21 19:44:33 +00:00
pc-bios spice: add qxl vgabios binary. 2010-12-09 14:23:24 +01:00
QMP spice: connection events. 2010-12-09 14:23:24 +01:00
roms Add new vgabios binaries to blobs list. 2010-11-16 08:39:52 -06:00
slirp slirp: Remove unused code for bad sprintf 2010-11-21 09:16:57 -06:00
sysconfigs/target
target-alpha softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
target-arm target-arm: fix UMAAL instruction 2010-12-31 22:22:26 +01:00
target-cris target-xxx: Use fprintf_function (format checking) 2010-10-30 08:01:59 +00:00
target-i386 x86: Filter out garbage from segment flags dump 2010-12-27 22:02:52 +01:00
target-m68k softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
target-microblaze softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
target-mips softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
target-ppc softfloat: Rename float*_is_nan() functions to float*_is_quiet_nan() 2011-01-02 11:15:25 +01:00
target-s390x s390: compile fixes 2010-12-26 00:29:49 +01:00
target-sh4 target-xxx: Use fprintf_function (format checking) 2010-10-30 08:01:59 +00:00
target-sparc target-sparc: fix udiv(cc) and sdiv(cc) 2010-12-28 18:44:51 +00:00
tcg tcg-ia64: Fix warning in qemu_ld. 2010-12-01 19:48:31 +01:00
tests rewrite i386 tests Makefile 2010-10-23 14:47:13 +00:00
ui vnc/spice: add set_passwd monitor command. 2010-12-09 14:23:25 +01:00
.gitignore Add a DTrace tracing backend targetted for SystemTAP compatability 2010-11-21 09:16:56 -06:00
.gitmodules
a.out.h
acl.c
acl.h
aes.c
aes.h
aio.c block: fix aio_flush segfaults for read-only protocols (e.g. curl) 2010-05-21 11:49:18 +02:00
alpha-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
alpha.ld
arch_init.c migration: stable ram block ordering 2010-12-02 21:13:39 +02:00
arch_init.h Refactor target specific handling, compile vl.c only once 2010-03-29 19:23:52 +00:00
arm-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
arm-semi.c GDB exit status for semihosting 2010-06-16 13:03:51 +01:00
arm.ld
async.c
balloon.c trace: Trace entry point of balloon request handler 2010-09-09 16:22:45 -05:00
balloon.h move balloon handling to balloon.c 2010-04-09 18:55:56 +02:00
block_int.h qed: Add QEMU Enhanced Disk image format 2010-12-17 16:11:04 +01:00
block-migration.c block migration: do not submit multiple AIOs for same sector (v2) 2010-11-24 17:31:06 +01:00
block-migration.h
block.c block: add discard support 2010-12-17 16:11:03 +01:00
block.h block: add discard support 2010-12-17 16:11:03 +01:00
blockdev.c Introduce do_snapshot_blkdev() and monitor command to handle it. 2010-12-17 16:11:03 +01:00
blockdev.h Introduce do_snapshot_blkdev() and monitor command to handle it. 2010-12-17 16:11:03 +01:00
bswap.h Fix leul_to_cpu on big endian hosts 2010-05-31 20:55:23 +02:00
bt-host.c bt: remove dead assignments, spotted by clang analyzer 2010-04-25 18:20:28 +00:00
bt-host.h
bt-vhci.c
buffered_file.c migration: allow rate > 4g 2010-12-02 21:13:39 +02:00
buffered_file.h
cache-utils.c Remove trailing whitespace 2010-11-01 00:54:06 +03:00
cache-utils.h
Changelog
check-qdict.c check-qdict: Introduce test for the new iteration API 2010-07-01 14:27:13 -03:00
check-qfloat.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
check-qint.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
check-qjson.c Silence compiler warning in json test case 2010-10-22 10:08:37 -02:00
check-qlist.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
check-qstring.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
cmd.c qemu-io: check registered fds in command_loop() 2010-06-22 14:38:02 +02:00
cmd.h
CODING_STYLE HACKING: add C type rules 2010-09-10 18:47:31 +00:00
compatfd.c signalfd compatibility 2010-10-20 16:15:04 -05:00
compatfd.h signalfd compatibility 2010-10-20 16:15:04 -05:00
config.h
configure raw-posix: add discard support 2010-12-17 16:11:03 +01:00
console.c console: Avoid dereferencing NULL active_console 2010-10-03 06:43:10 +00:00
console.h Fix curses on big endian hosts 2011-01-04 21:58:24 +01:00
COPYING
COPYING.LIB
cpu-all.h target-xxx: Use fprintf_function (format checking) 2010-10-30 08:01:59 +00:00
cpu-common.h exec: introduce endianness swapped mmio 2010-12-11 15:24:25 +00:00
cpu-defs.h move stop/stopped CPU_COMMON fields after area zeroed by reset 2010-05-11 14:02:22 -03:00
cpu-exec.c target-mips: fix host CPU consumption when guest is idle 2010-12-27 00:58:06 +01:00
cpus.c cpus: flush all requests on each vm stop 2010-12-09 12:47:19 +02:00
cpus.h target-xxx: Use fprintf_function (format checking) 2010-10-30 08:01:59 +00:00
create_config configure: Fix evaluation of config-host.mak in create_config 2010-06-13 12:50:30 +02:00
cris-dis.c Remove special handling of system include files (no longer needed) 2010-10-22 17:11:28 +00:00
cursor_hidden.xpm cursor: add cursor functions. 2010-05-24 15:18:23 -05:00
cursor_left_ptr.xpm cursor: add cursor functions. 2010-05-24 15:18:23 -05:00
cursor.c cursor: add cursor functions. 2010-05-24 15:18:23 -05:00
cutils.c Introduce strtosz_suffix() 2010-12-17 16:10:59 +01:00
def-helper.h tcg: Optionally sign-extend 32-bit arguments for 64-bit hosts. 2010-06-16 11:29:11 +02:00
device_tree.c
device_tree.h
dis-asm.h *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
disas.c Use GCC_FMT_ATTR (format checking) 2010-10-03 06:34:51 +00:00
disas.h Remove special handling of system include files (no longer needed) 2010-10-22 17:11:28 +00:00
dma-helpers.c
dma.h
dyngen-exec.h Remove special handling of system include files (no longer needed) 2010-10-22 17:11:28 +00:00
elf.h Add more DT_* and AT_* constants to qemu's copy of elf.h. 2010-07-29 08:32:27 +02:00
envlist.c
envlist.h
exec-all.h TCG: Improve tb_phys_hash_func() 2010-12-31 22:23:38 +01:00
exec.c Use mmap() within code_gen_alloc() for OpenBSD. 2010-12-21 19:44:54 +00:00
feature_to_c.sh Use gcc warning flag -Wnested-externs 2010-09-18 07:02:16 +00:00
gdbstub.c Use gcc warning flag -Wnested-externs 2010-09-18 07:02:16 +00:00
gdbstub.h Use gcc warning flag -Wnested-externs 2010-09-18 07:02:16 +00:00
gen-icount.h Compile qemu-timer only once 2010-03-29 19:24:00 +00:00
HACKING HACKING: add rules for printf-like functions 2010-09-10 18:53:11 +00:00
hmp-commands.hx Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
host-utils.c
host-utils.h
hpet.h
hppa-dis.c tcg-hppa: Fix const errors in hppa-dis.c 2010-03-23 22:00:43 +01:00
hppa.ld
hxtool hxtool: Fix line number reporting on SQMP/EQMP errors 2010-06-11 16:35:46 -03:00
i386-dis.c i386-dis: Fix unused return value, spotted by clang 2010-04-18 14:27:44 +00:00
i386.ld
ia64-dis.c Fix %lld or %llx printf format use 2010-05-22 08:02:12 +00:00
ia64.ld
input.c un-register kbd driver in case of USB kbd unplug. 2010-06-14 15:46:28 -05:00
ioport-user.c
ioport.c Type-safe ioport callbacks 2010-11-21 09:16:57 -06:00
ioport.h Type-safe ioport callbacks 2010-11-21 09:16:57 -06:00
iorange.h Type-safe ioport callbacks 2010-11-21 09:16:57 -06:00
iov.c iov: Move from hw/ to topdir 2010-05-10 11:36:03 -05:00
iov.h iov: Move from hw/ to topdir 2010-05-10 11:36:03 -05:00
json-lexer.c remove unnecessary lookaheads 2010-06-11 15:25:14 -03:00
json-lexer.h
json-parser.c Use GCC_FMT_ATTR (format checking) 2010-10-03 06:34:51 +00:00
json-parser.h
json-streamer.c json-streamer: Don't use qdict_put_obj() 2010-06-11 15:25:14 -03:00
json-streamer.h
kvm-all.c migration: stable ram block ordering 2010-12-02 21:13:39 +02:00
kvm-stub.c MCE: Relay UCR MCE to guest 2010-10-20 16:15:04 -05:00
kvm.h MCE: Relay UCR MCE to guest 2010-10-20 16:15:04 -05:00
libfdt_env.h
LICENSE
linux-aio.c linux-aio: Fix typo in read() EINTR check 2010-04-23 16:21:57 +02:00
m68k-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
m68k-semi.c Move qemu_gettimeofday() to OS specific files 2010-10-30 08:02:38 +00:00
m68k.ld
MAINTAINERS Use a Linux-style MAINTAINERS file 2010-11-30 14:38:55 -06:00
make_device_config.sh win32: Fix CRLF problem in make_device_config.sh 2010-12-18 18:58:25 +00:00
Makefile spice: add qxl vgabios binary. 2010-12-09 14:23:24 +01:00
Makefile.dis Compile disassemblers only once 2010-03-21 08:28:47 +00:00
Makefile.hw Clean libhw subdirs as well 2010-05-22 08:24:49 +00:00
Makefile.objs qed: Read/write support 2010-12-17 16:11:04 +01:00
Makefile.target Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
Makefile.user
microblaze-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
migration-exec.c Factorize common migration incoming code 2010-06-22 15:15:51 -05:00
migration-fd.c Factorize common migration incoming code 2010-06-22 15:15:51 -05:00
migration-tcp.c Close socket file descriptor when qemu_accept fails 2010-07-25 17:03:51 +02:00
migration-unix.c Factorize common migration incoming code 2010-06-22 15:15:51 -05:00
migration.c migration/savevm: no need to flush requests 2010-12-09 12:47:48 +02:00
migration.h Factorize common migration incoming code 2010-06-22 15:15:51 -05:00
mips-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
mips.ld
module.c
module.h
monitor.c Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
monitor.h spice: connection events. 2010-12-09 14:23:24 +01:00
nbd.c nbd: Haiku has _IO() in its BSD compatibility layer 2010-10-03 06:31:33 +00:00
nbd.h Merge remote branch 'kwolf/for-anthony' into staging 2010-09-08 14:26:57 -05:00
net-checksum.c
net.c net/sock: option to specify local address 2010-12-09 12:45:50 +02:00
net.h Add bootindex parameter to net/block/fd device 2010-12-11 21:32:46 +00:00
notify.c Add support for generic notifier lists 2010-03-19 15:27:32 -05:00
notify.h Add support for generic notifier lists 2010-03-19 15:27:32 -05:00
os-posix.c Separate qemu_pidfile() into OS specific versions 2010-10-30 08:02:39 +00:00
os-win32.c Separate qemu_pidfile() into OS specific versions 2010-10-30 08:02:39 +00:00
osdep.c Remove unncessary includes 2010-10-30 08:02:40 +00:00
osdep.h Move qemu_gettimeofday() to OS specific files 2010-10-30 08:02:38 +00:00
oslib-posix.c virtio-9p: fix build on !CONFIG_UTIMENSAT 2010-12-02 16:08:40 -08:00
oslib-win32.c Consolidate oom_check() functions 2010-10-30 08:02:39 +00:00
path.c
pci-ids.txt
pflib.c add pflib: PixelFormat conversion library. 2010-09-21 18:35:30 +02:00
pflib.h add pflib: PixelFormat conversion library. 2010-09-21 18:35:30 +02:00
poison.h move targphys.h and hw/poison.h inclusion to cpu-common.h 2010-04-09 18:55:55 +02:00
posix-aio-compat.c Move qemu_gettimeofday() to OS specific files 2010-10-30 08:02:38 +00:00
ppc64.ld
ppc-dis.c
ppc.ld
qbool.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qbool.h
qdict-test-data.txt
qdict.c QDict: Introduce qdict_get_try_bool() 2010-07-01 14:27:13 -03:00
qdict.h QDict: Introduce qdict_get_try_bool() 2010-07-01 14:27:13 -03:00
qemu_socket.h Fix OpenBSD build 2010-09-22 20:05:23 +00:00
qemu-aio.h
qemu-barrier.h Introduce proper compiler barrier 2010-07-22 05:52:08 +02:00
qemu-binfmt-conf.sh update binfmt conf 2010-12-03 15:09:39 +02:00
qemu-char.c qemu-char: Introduce Memory driver 2010-11-17 09:52:24 -02:00
qemu-char.h qemu-char: Introduce Memory driver 2010-11-17 09:52:24 -02:00
qemu-common.h Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
qemu-config.c Add bootindex for option roms. 2010-12-11 21:32:47 +00:00
qemu-config.h spice: core bits 2010-09-21 18:36:42 +02:00
qemu-doc.texi intel-hda: documentation update 2010-11-02 00:41:04 +03:00
qemu-error.c error: Move qerror_report() from qemu-error.[ch] to qerror.[ch] 2010-03-27 14:30:38 +01:00
qemu-error.h Use GCC_FMT_ATTR (format checking) 2010-10-03 06:34:51 +00:00
qemu-img-cmds.hx Copy snapshots out of QCOW2 disk 2010-10-22 14:49:35 +02:00
qemu-img.c Remove NULL checks for bdrv_new return value 2010-12-17 16:11:03 +01:00
qemu-img.texi Copy snapshots out of QCOW2 disk 2010-10-22 14:49:35 +02:00
qemu-io.c qemu-io: Fix typo in help texts 2010-12-17 16:11:03 +01:00
qemu-lock.h Remove unused spin_trylock() function 2010-12-04 21:21:28 +00:00
qemu-log.h
qemu-malloc.c Add missing tracing to qemu_mallocz() 2010-12-14 15:44:21 +01:00
qemu-nbd.c Remove NULL checks for bdrv_new return value 2010-12-17 16:11:03 +01:00
qemu-nbd.texi
qemu-objects.h Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qemu-option.c qemu-option: Fix parse_option_parameters() documentation typo 2010-12-14 15:44:21 +01:00
qemu-option.h error: New qemu_opts_loc_restore() 2010-07-06 17:05:49 +02:00
qemu-options.h Introduce OS specific cmdline argument handling and move SMB arg to os-posix.c 2010-06-12 08:49:15 +03:00
qemu-options.hx Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
qemu-os-posix.h virtio-9p: fix build on !CONFIG_UTIMENSAT 2010-12-02 16:08:40 -08:00
qemu-os-win32.h Move qemu_gettimeofday() to OS specific files 2010-10-30 08:02:38 +00:00
qemu-queue.h
qemu-sockets.c qemu-sockets: avoid strlen of NULL pointer 2010-05-18 19:49:16 +02:00
qemu-tech.texi
qemu-thread.c qemu-thread: add qemu_mutex/cond_destroy and qemu_mutex_exit 2010-07-26 17:36:14 -05:00
qemu-thread.h qemu-thread: add qemu_mutex/cond_destroy and qemu_mutex_exit 2010-07-26 17:36:14 -05:00
qemu-timer-common.c Add OpenBSD to ifdef list since it has CLOCK_MONOTONIC. 2010-12-21 19:44:42 +00:00
qemu-timer.c qemu-timer: move commonly used timer code to qemu-timer-common 2010-10-23 15:24:07 +00:00
qemu-timer.h Mov muldiv64 to qemu-common.h (Thus unbreaking gus) 2010-10-30 01:41:01 +04:00
qemu-tool.c Move qemu_gettimeofday() to OS specific files 2010-10-30 08:02:38 +00:00
qemu-x509.h
qemu.sasl
qerror.c Use GCC_FMT_ATTR (format checking) 2010-10-03 06:34:51 +00:00
qerror.h Use GCC_FMT_ATTR (format checking) 2010-10-03 06:34:51 +00:00
qfloat.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qfloat.h
qint.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qint.h Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qjson.c Add support for JSON pretty printing 2010-10-01 10:12:43 -03:00
qjson.h Merge remote branch 'qmp/for-anthony' into staging 2010-10-05 13:54:49 -05:00
qlist.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qlist.h Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qmp-commands.hx Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
qobject.h Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qstring.c Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
qstring.h Fix qtypes' licenses 2010-05-19 12:45:54 -03:00
range.h Introduce range.h 2010-09-18 05:53:14 +00:00
readline.c
readline.h
README
rules.mak rewrite i386 tests Makefile 2010-10-23 14:47:13 +00:00
rwhandler.c Make simple io mem handler endian aware 2010-12-11 15:24:25 +00:00
rwhandler.h Make simple io mem handler endian aware 2010-12-11 15:24:25 +00:00
s390-dis.c s390: Disassemble some general-instruction-extension insns. 2010-06-10 00:46:41 +02:00
s390.ld
savevm.c migration/savevm: no need to flush requests 2010-12-09 12:47:48 +02:00
sh4-dis.c *-dis: Replace fprintf_ftype by fprintf_function (format checking) 2010-12-04 20:50:30 +00:00
simpletrace.c qemu-timer: move commonly used timer code to qemu-timer-common 2010-10-23 15:24:07 +00:00
simpletrace.h trace: Use fprintf_function (format checking) 2010-11-21 09:16:57 -06:00
simpletrace.py trace: Relax trace-events parsing regex in simpletrace.py 2010-10-20 16:27:51 +00:00
softmmu_defs.h
softmmu_exec.h sparc64: handle asi referencing nucleus and secondary MMU contexts 2010-05-06 23:14:26 +03:00
softmmu_header.h sparc64: fix 32bit load sign extension 2010-06-02 20:04:52 +00:00
softmmu_template.h Split TLB addend and target_phys_addr_t 2010-04-05 00:28:53 +01:00
softmmu-semi.h
sparc64.ld
sparc-dis.c sparc64: more ultrasparc asi extensions for disassembler 2010-05-06 20:13:02 +00:00
sparc.ld
sysemu.h Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
targphys.h Split TLB addend and target_phys_addr_t 2010-04-05 00:28:53 +01:00
tcg-runtime.c tcg: add div/rem 32-bit helpers 2010-03-14 22:04:50 +01:00
texi2pod.pl
thunk.c
thunk.h
TODO
trace-events qed: Read/write support 2010-12-17 16:11:04 +01:00
tracetool Add support for generating a systemtap tapset static probes 2010-11-21 09:16:56 -06:00
translate-all.c tcg: get rid of copy_size in TCGOpDef 2010-06-09 16:10:50 +02:00
uboot_image.h
usb-bsd.c
usb-linux.c usb-linux: Get the active configuration from sysfs rather then asking the dev 2010-11-16 14:35:00 -06:00
usb-stub.c
VERSION Update version for 0.13.x 2010-07-28 07:58:15 -05:00
version.rc mingw: add version information to the executables 2010-09-26 16:07:57 +00:00
vgafont.h
vl.c Merge branch 'spice.v23.pull' of git://anongit.freedesktop.org/spice/qemu 2010-12-27 22:59:48 +01:00
x86_64.ld

Read the documentation in qemu-doc.html.

Fabrice Bellard.