diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2017-11-13 14:33:29 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2017-11-13 14:33:29 +0000 |
| commit | 4e8a737c092d25fe5ff99ac7bff01c222c1c017d (patch) | |
| tree | 6a8eb1e48c264f6216e1987d83ef982e357b201f /hw | |
| parent | 7edaf99759017d3e175e37cffc3536e86a3bd380 (diff) | |
| parent | cf7040e284069fc235172c187551b268c66d8553 (diff) | |
Merge remote-tracking branch 'remotes/kraxel/tags/vga-20171110-pull-request' into staging
vga: bugfixes for 2.11
# gpg: Signature made Fri 10 Nov 2017 13:26:30 GMT
# gpg: using RSA key 0x4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/vga-20171110-pull-request:
vmsvga: use ARRAY_SIZE macro
vga: fix region checks in wraparound case
virtio-gpu: fix bug in host memory calculation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw')
| -rw-r--r-- | hw/display/vga.c | 4 | ||||
| -rw-r--r-- | hw/display/virtio-gpu.c | 16 | ||||
| -rw-r--r-- | hw/display/vmware_vga.c | 5 |
3 files changed, 18 insertions, 7 deletions
diff --git a/hw/display/vga.c b/hw/display/vga.c index 1d19f6bc48..a64a0942da 100644 --- a/hw/display/vga.c +++ b/hw/display/vga.c @@ -1666,9 +1666,9 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) /* scanline wraps from end of video memory to the start */ assert(force_shadow); update = memory_region_snapshot_get_dirty(&s->vram, snap, - page0, 0); + page0, s->vbe_size - page0); update |= memory_region_snapshot_get_dirty(&s->vram, snap, - page1, 0); + 0, page1); } else { update = memory_region_snapshot_get_dirty(&s->vram, snap, page0, page1 - page0); diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 43bbe09ea0..274e365713 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -322,6 +322,18 @@ static pixman_format_code_t get_pixman_format(uint32_t virtio_gpu_format) } } +static uint32_t calc_image_hostmem(pixman_format_code_t pformat, + uint32_t width, uint32_t height) +{ + /* Copied from pixman/pixman-bits-image.c, skip integer overflow check. + * pixman_image_create_bits will fail in case it overflow. + */ + + int bpp = PIXMAN_FORMAT_BPP(pformat); + int stride = ((width * bpp + 0x1f) >> 5) * sizeof(uint32_t); + return height * stride; +} + static void virtio_gpu_resource_create_2d(VirtIOGPU *g, struct virtio_gpu_ctrl_command *cmd) { @@ -366,7 +378,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, return; } - res->hostmem = PIXMAN_FORMAT_BPP(pformat) * c2d.width * c2d.height; + res->hostmem = calc_image_hostmem(pformat, c2d.width, c2d.height); if (res->hostmem + g->hostmem < g->conf.max_hostmem) { res->image = pixman_image_create_bits(pformat, c2d.width, @@ -1087,7 +1099,7 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, return -EINVAL; } - res->hostmem = PIXMAN_FORMAT_BPP(pformat) * res->width * res->height; + res->hostmem = calc_image_hostmem(pformat, res->width, res->height); res->addrs = g_new(uint64_t, res->iov_cnt); res->iov = g_new(struct iovec, res->iov_cnt); diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index cdc3fed6ca..0e6673a911 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -679,10 +679,9 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 - || SVGA_BITMAP_SIZE(x, y) - > sizeof(cursor.mask) / sizeof(cursor.mask[0]) + || SVGA_BITMAP_SIZE(x, y) > ARRAY_SIZE(cursor.mask) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) - > sizeof(cursor.image) / sizeof(cursor.image[0])) { + > ARRAY_SIZE(cursor.image)) { goto badcmd; } |