From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 1/4] cirrus: handle negative pitch in cirrus_invalidate_region()
Date: Thu,  2 Feb 2017 16:05:04 +0100
Message-ID: <1486047907-26685-2-git-send-email-kraxel@redhat.com>
In-Reply-To: <1486047907-26685-1-git-send-email-kraxel@redhat.com>

From: Wolfgang Bumiller <w.bumiller@proxmox.com>

cirrus_invalidate_region() calls memory_region_set_dirty()
on a per-line basis, always ranging from off_begin to
off_begin+bytesperline. With a negative pitch off_begin
marks the topmost used address and thus we need to do an
initial shift backwards by a line for negative pitches of
backward blits, otherwise the first iteration covers the
line going from the start offset forwards instead of
backwards.
Additionally since the start address is inclusive, if we
shift by a full `bytesperline` we move to the first address
*not* included in the blit, so we only shift by one less
than bytesperline.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Message-id: 1485352137-29367-1-git-send-email-w.bumiller@proxmox.com

[ kraxel: codestyle fixes ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/cirrus_vga.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 379910d..0f05e45 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -661,9 +661,14 @@ static void cirrus_invalidate_region(CirrusVGAState * s, int off_begin,
     int off_cur;
     int off_cur_end;
 
+    if (off_pitch < 0) {
+        off_begin -= bytesperline - 1;
+    }
+
     for (y = 0; y < lines; y++) {
 	off_cur = off_begin;
 	off_cur_end = (off_cur + bytesperline) & s->cirrus_addr_mask;
+        assert(off_cur_end >= off_cur);
         memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
 	off_begin += off_pitch;
     }
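
Review bot: in the loop, the new assert(off_cur_end >= off_cur) compares a value that has been masked with s->cirrus_addr_mask against off_cur, which is copied from off_begin unmasked, so any line whose end goes past the mask makes off_cur_end wrap below off_cur and the assert aborts the process instead of handling the range. The new "off_begin -= bytesperline - 1" adjustment also has no lower bound visible in this function, so off_cur can become negative before it is passed to memory_region_set_dirty(). If these offsets can be influenced by blit parameters, an abort is a poor failure mode for a device model; consider masking off_cur the same way as off_cur_end and clamping or splitting a wrapped range rather than asserting, or add a comment naming the caller-side check that guarantees the precondition.
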
-- 
1.8.3.1
