qemu/hw
Benjamin Herrenschmidt d16136d22a cirrus: Fix host CPU blits
Commit b2eb849d4b
"CVE-2007-1320 - Cirrus LGD-54XX "bitblt" heap overflow" broke
cpu to video blits.

When the ROP function is called from cirrus_bitblt_cputovideo_next(),
we pass 0 for the pitch but only operate on one line at a time. The
added test was tripping because after the initial substraction, the
pitch becomes negative. Make the test only trip when the height is
larger than one (ie. the pitch is actually used).

This fixes HW cursor support in Windows NT4.0 (which otherwise was
a white rectangle) and general display of icons in that OS when using
8bpp mode.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-11 10:17:02 +02:00
..
9pfs virtio-9p: use virtio wrappers to access headers 2014-06-29 19:39:43 +03:00
acpi acpi: fix typo in memory hotplug MMIO region name 2014-07-06 09:13:54 +03:00
alpha machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
arm hw/arm/vexpress: Alias NOR flash at 0 for vexpress-a9 2014-07-08 13:05:10 +01:00
audio audio: fmopl: drop INLINE macro 2014-06-23 11:01:24 -04:00
block dataplane: submit I/O as a batch 2014-07-07 11:05:17 +02:00
bt Preparation for usb-bt-dongle conditional build 2013-09-10 11:14:41 +02:00
char irq: Allocate IRQs individually 2014-07-01 04:02:53 +02:00
core qdev: Fix crash when using non-device class name on -global 2014-07-06 09:13:54 +03:00
cpu icc_bus: QOM'ify ICC 2013-12-24 18:02:18 +01:00
cris machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
display cirrus: Fix host CPU blits 2014-07-11 10:17:02 +02:00
dma hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
gpio savevm: Remove all the unneeded version_minimum_id_old (arm) 2014-05-13 16:09:35 +01:00
i2c savevm: Remove all the unneeded version_minimum_id_old (rest) 2014-05-14 15:24:51 +02:00
i386 pc: make isapc and pc-0.10 to pc-0.13 have 1.7.0 memory layout 2014-06-29 18:59:41 +03:00
ide ahci: map memory via device's address space instead of address_space_memory 2014-07-07 10:22:43 +02:00
input input: fix jumpy mouse cursor with USB mouse emulation 2014-07-01 13:26:37 +02:00
intc xics: Implement xics_ics_free() 2014-06-27 13:48:26 +02:00
ipack irq: Allocate IRQs individually 2014-07-01 04:02:53 +02:00
isa acpi: implement ospm_status() method for PIIX4/ICH9_LPC devices 2014-06-19 18:44:22 +03:00
lm32 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
m68k machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
mem pc-dimm: error out if memory hotplug is not enabled 2014-07-06 09:13:54 +03:00
microblaze ssi: Name the CS GPIO 2014-05-28 17:36:21 +02:00
mips gt64xxx_pci: Add VMStateDescription 2014-06-20 23:40:16 +02:00
misc hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
moxie hw/moxie/moxiesim.c: Remove unused moxie_intc_create() 2014-06-24 20:01:24 +04:00
net vhost-net: disable when cross-endian 2014-06-29 19:39:43 +03:00
nvram spapr: Fix RTAS token numbers 2014-06-27 13:48:22 +02:00
openrisc machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
pci pci: assign devfn to pci_dev before calling pci_device_iommu_address_space() 2014-07-06 09:13:54 +03:00
pci-bridge hw/pcie: implement power controller functionality 2014-06-23 17:48:42 +03:00
pci-host prep: Remove PCI memory hack related to OpenHack'Ware 2014-07-07 16:46:35 +02:00
pcmcia hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
ppc hw/ppc/spapr_hcall.c: Add ULL suffix to 64 bit constant 2014-07-08 16:03:19 +01:00
s390x s390x/css: reflect cpa in scsw 2014-07-08 15:08:03 +02:00
scsi virtio-scsi: scsi events must be converted to target endianness 2014-07-01 09:40:38 +02:00
sd hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
sh4 hw: Fix qemu_allocate_irqs() leaks 2014-06-30 21:13:30 +02:00
sparc tcx: move initialisation from realizefn to initfn 2014-06-05 20:51:57 +01:00
sparc64 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
ssi ssi: Name the CS GPIO 2014-05-28 17:36:21 +02:00
timer Merge remote-tracking branch 'remotes/bonzini/memory' into staging 2014-07-01 11:55:49 +01:00
tpm aio / timers: Untangle include files 2013-08-22 19:10:27 +02:00
unicore32 machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
usb ccid-card-emulated: use EventNotifier 2014-07-01 15:49:51 +02:00
virtio virtio-pci: fix MSI memory region use after free 2014-07-06 09:13:54 +03:00
watchdog qapi event: clean up in callers 2014-06-27 09:27:56 -04:00
xen xen_backend: introduce xenstore_read_uint64 and xenstore_read_fe_uint64 2014-07-07 10:37:40 +00:00
xenpv machine: Conversion of QEMUMachineInitArgs to MachineState 2014-05-28 17:35:01 +02:00
xtensa hw/xtensa/xtfpga: implement initrd loading 2014-06-29 02:32:42 +04:00
Makefile.objs pc: implement pc-dimm device abstraction 2014-06-19 16:41:47 +03:00