[Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
From: arei.gonglei
Subject: [Qemu-devel] [PATCH v3 4/4] vga: Fix divide-by-zero in vga_update_text
Date: Tue, 10 Jun 2014 17:20:27 +0800
From: Gonglei <address@hidden>
Spotted by Coverity:
(20) Event cond_true: Condition "cursor_visible", taking true branch
(21) Event cond_true: Condition "cursor_offset < size", taking true branch
(22) Event cond_true: Condition "cursor_offset >= 0", taking true branch
2097 if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
(23) Event divide_by_zero: In expression "cursor_offset / width",
division by expression "width" which may be zero has undefined behavior.
2098 dpy_text_cursor(s->con,
2099 TEXTMODE_X(cursor_offset),
2100 TEXTMODE_Y(cursor_offset));
Signed-off-by: Gonglei <address@hidden>
---
hw/display/vga.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/display/vga.c b/hw/display/vga.c
index 8cd6afe..3c1c6eb 100644
--- a/hw/display/vga.c
+++ b/hw/display/vga.c
@@ -2094,7 +2094,7 @@ static void vga_update_text(void *opaque, console_ch_t
*chardata)
s->cr[VGA_CRTC_CURSOR_START] != s->cursor_start ||
s->cr[VGA_CRTC_CURSOR_END] != s->cursor_end || full_update) {
cursor_visible = !(s->cr[VGA_CRTC_CURSOR_START] & 0x20);
- if (cursor_visible && cursor_offset < size && cursor_offset >= 0)
+ if (cursor_visible && cursor_offset < size && cursor_offset > 0)
dpy_text_cursor(s->con,
TEXTMODE_X(cursor_offset),
TEXTMODE_Y(cursor_offset));
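Review bot: the new test `cursor_offset > 0` constrains the dividend, but the Coverity event quoted in the commit message is about the divisor ("division by expression "width" which may be zero"). Any positive cursor_offset below size still reaches TEXTMODE_X(cursor_offset) and TEXTMODE_Y(cursor_offset) with width unchecked, so the flagged path is not closed by this change. It also changes behaviour: a cursor at offset 0 no longer reaches dpy_text_cursor(), which the commit message does not mention. Suggest keeping `cursor_offset >= 0` and guarding the divisor directly in the same condition, for example with `width > 0 &&`, or, if width cannot be zero at this point, saying so in a comment and treating the report as a false positive.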
--
1.7.12.4