From: "Andreas Färber" <afaerber@suse.de>
To: qemu-devel@nongnu.org
Cc: "Anthony Liguori" <aliguori@us.ibm.com>,
"Markus Armbruster" <armbru@redhat.com>,
kvm@suse.de, qemu-stable@nongnu.org,
"Bruce Rogers" <brogers@suse.com>,
"Andreas Färber" <afaerber@suse.de>
Subject: [Qemu-devel] [PATCH stable-0.15 24/36] console: Fix rendering of VGA underline
Date: Wed, 28 Mar 2012 14:52:27 +0200
Message-ID: <1332939159-16434-25-git-send-email-afaerber@suse.de>
In-Reply-To: <1332939159-16434-1-git-send-email-afaerber@suse.de>

From: Markus Armbruster <armbru@redhat.com>

vga_putcharxy()'s underline code sets font_data to 0xffff instead of
0xff. vga_putcharxy() then reads dmask16[0xffff >> 4] and
dmask4[0xffff >> 6]. In practice, these out-of-bounds subscripts
"only" put a few crap bits into the display surface.

For 32 bit pixels, there's no array access. font_data's extra bits go
straight into the display surface.

Broken when commit 6d6f7c28 implemented underline.

Spotted by Coverity.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 439229c7cb97f6c4cddd3965c3e9d2b8319fe83c)
Signed-off-by: Bruce Rogers <brogers@suse.com>
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
console.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/console.c b/console.c
index 242086c..07c82b8 100644
--- a/console.c
+++ b/console.c
@@ -461,7 +461,7 @@ static void vga_putcharxy(DisplayState *ds, int x, int y, int ch,
font_data = *font_ptr++;
if (t_attrib->uline
&& ((i == FONT_HEIGHT - 2) || (i == FONT_HEIGHT - 3))) {
- font_data = 0xFFFF;
+ font_data = 0xFF;
}
((uint32_t *)d)[0] = (dmask16[(font_data >> 4)] & xorcol) ^ bgcol;
((uint32_t *)d)[1] = (dmask16[(font_data >> 0) & 0xf] & xorcol) ^ bgcol;
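Review bot: The first lookup in the context below the change, dmask16[(font_data >> 4)], still carries no mask, unlike the "& 0xf" on the following line, so it stays in bounds only as long as every assignment to font_data is at most 0xFF. That is exactly the assumption the old 0xFFFF broke, per the commit message. Consider writing the index as (font_data >> 4) & 0xf so that the subscript is bounded at the point of use and a future bad constant cannot turn into an out-of-bounds read again.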
@@ -474,7 +474,7 @@ static void vga_putcharxy(DisplayState *ds, int x, int y, int ch,
font_data = *font_ptr++;
if (t_attrib->uline
&& ((i == FONT_HEIGHT - 2) || (i == FONT_HEIGHT - 3))) {
- font_data = 0xFFFF;
+ font_data = 0xFF;
}
((uint32_t *)d)[0] = (dmask4[(font_data >> 6)] & xorcol) ^ bgcol;
((uint32_t *)d)[1] = (dmask4[(font_data >> 4) & 3] & xorcol) ^ bgcol;
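Review bot: The literal in "font_data = 0xFF;" and the underline row test around it are repeated verbatim in all three depth branches of vga_putcharxy(), which is why the same wrong constant had to be corrected three times in this patch. Hoisting the override into one place before the per-depth code, or at least naming the constant, would leave a single spot to review. A short comment that font_data holds one 8-bit font row would also document why 0xFF is the full-row value.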
@@ -487,7 +487,7 @@ static void vga_putcharxy(DisplayState *ds, int x, int y, int ch,
for(i = 0; i < FONT_HEIGHT; i++) {
font_data = *font_ptr++;
if (t_attrib->uline && ((i == FONT_HEIGHT - 2) || (i == FONT_HEIGHT - 3))) {
- font_data = 0xFFFF;
+ font_data = 0xFF;
}
((uint32_t *)d)[0] = (-((font_data >> 7)) & xorcol) ^ bgcol;
((uint32_t *)d)[1] = (-((font_data >> 6) & 1) & xorcol) ^ bgcol;
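Review bot: In the 32-bit path the first pixel uses -((font_data >> 7)) with no "& 1", while the next line masks with "& 1". With the old 0xFFFF the shift left more than one bit set, so the negation was not an all-ones mask and the extra bits reached the surface, as the commit message describes. Suggest -((font_data >> 7) & 1) so the expression yields 0 or all ones regardless of what font_data holds above bit 7.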
--
1.7.7