[Qemu-devel] [BUG] Crash in cirrus_do_copy() with cirrus_blt_srcpitch == 0

[Qemu-devel] [BUG] Crash in cirrus_do_copy() with cirrus_blt_srcpitch == 0

[Stuart Brady]

Hi,

Windows NT 4.0 SP1 crashes in cirrus_do_copy() when attempting to
apply display settings (i.e. depth/resolution) at the following point:

Program received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0x7f6197c066e0 (LWP 31336)]
0x000000000045d1cf in cirrus_bitblt_start (s=0x2ac8240)
    at /home/sdb/src/qemu/qemu-svn/hw/cirrus_vga.c:733
733	    sx = (src % ABS(s->cirrus_blt_srcpitch)) / depth;
(gdb) print s->cirrus_blt_srcpitch
$1 = 0
(gdb) print s->cirrus_blt_dstpitch
$2 = 1

I'm not sure whether NT is just being silly, here.  If it is, then I
suppose we would need to add a check for srcpitch != 0 and dstpitch != 0
to BLTUNSAFE()...

Any thoughts?

Cheers,
-- 
Stuart Brady

Re: [Qemu-devel] [BUG] Crash in cirrus_do_copy() with cirrus_blt_srcpitch == 0

[Stuart Brady]

On Sat, Mar 14, 2009 at 02:01:40PM +0000, Stuart Brady wrote:
> I'm not sure whether NT is just being silly, here.  If it is, then I
> suppose we would need to add a check for srcpitch != 0 and dstpitch != 0
> to BLTUNSAFE()...

FWIW, adding this check to BLTUNSAFE() stops QEMU crashing, but doesn't
get NT working -- the QEMU display gets resized to 640x480, and the
entire display contains white pixels.

Cheers,
-- 
Stuart Brady