From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LiUQz-0007da-Iw
	for qemu-devel@nongnu.org; Sat, 14 Mar 2009 10:01:53 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LiUQu-0007d7-S3
	for qemu-devel@nongnu.org; Sat, 14 Mar 2009 10:01:53 -0400
Received: from [199.232.76.173] (port=34158 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LiUQu-0007d4-MJ
	for qemu-devel@nongnu.org; Sat, 14 Mar 2009 10:01:48 -0400
Received: from mtaout01-winn.ispmail.ntl.com ([81.103.221.47]:19598)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <sdbrady@ntlworld.com>) id 1LiUQt-0004zd-H2
	for qemu-devel@nongnu.org; Sat, 14 Mar 2009 10:01:48 -0400
Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35])
	by mtaout01-winn.ispmail.ntl.com
	(InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id
	<20090314140146.VVSO2989.mtaout01-winn.ispmail.ntl.com@aamtaout04-winn.ispmail.ntl.com>
	for <qemu-devel@nongnu.org>; Sat, 14 Mar 2009 14:01:46 +0000
Received: from miranda.arrow ([213.107.21.171])
	by aamtaout04-winn.ispmail.ntl.com
	(InterMail vG.2.02.00.01 201-2161-120-102-20060912) with ESMTP id
	<20090314140146.PMXY22934.aamtaout04-winn.ispmail.ntl.com@miranda.arrow>
	for <qemu-devel@nongnu.org>; Sat, 14 Mar 2009 14:01:46 +0000
Received: from sdb by miranda.arrow with local (Exim 4.63)
	(envelope-from <sdbrady@ntlworld.com>) id 1LiUQm-0005zH-Qx
	for qemu-devel@nongnu.org; Sat, 14 Mar 2009 14:01:40 +0000
Date: Sat, 14 Mar 2009 14:01:40 +0000
From: Stuart Brady <sdbrady@ntlworld.com>
Message-ID: <20090314140140.GA22970@miranda.arrow>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [Qemu-devel] [BUG] Crash in cirrus_do_copy() with
	cirrus_blt_srcpitch == 0
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

Hi,

Windows NT 4.0 SP1 crashes in cirrus_do_copy() when attempting to
apply display settings (i.e. depth/resolution) at the following point:

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0x7f6197c066e0 (LWP 31336)]
0x000000000045d1cf in cirrus_bitblt_start (s=0x2ac8240)
    at /home/sdb/src/qemu/qemu-svn/hw/cirrus_vga.c:733
733	    sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
(gdb) print s->cirrus_blt_srcpitch
$1 = 0
(gdb) print s->cirrus_blt_dstpitch
$2 = 1

I'm not sure whether NT is just being silly, here.  If it is, then I
suppose we would need to add a check for srcpitch != 0 and dstpitch != 0
to BLTUNSAFE()...

Any thoughts?

Cheers,
-- 
Stuart Brady