[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 1/4] sm501: Fix bounds checks
From: |
BALATON Zoltan |
Subject: |
[PATCH 1/4] sm501: Fix bounds checks |
Date: |
Sat, 06 Jun 2020 21:17:36 +0200 |
We don't need to add width to pitch when calculating last point, that
would reject valid ops within the card's local_mem.
Fixes: b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/sm501.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/display/sm501.c b/hw/display/sm501.c
index edd8d24a76..5ae320ddc3 100644
--- a/hw/display/sm501.c
+++ b/hw/display/sm501.c
@@ -723,8 +723,8 @@ static void sm501_2d_operation(SM501State *s)
dst_y -= height - 1;
}
- if (dst_base >= get_local_mem_size(s) || dst_base +
- (dst_x + width + (dst_y + height) * (dst_pitch + width)) *
+ if (dst_base >= get_local_mem_size(s) ||
+ dst_base + (dst_x + width + (dst_y + height) * dst_pitch) *
(1 << format) >= get_local_mem_size(s)) {
qemu_log_mask(LOG_GUEST_ERROR, "sm501: 2D op dest is outside vram.\n");
return;
@@ -749,8 +749,8 @@ static void sm501_2d_operation(SM501State *s)
src_y -= height - 1;
}
- if (src_base >= get_local_mem_size(s) || src_base +
- (src_x + width + (src_y + height) * (src_pitch + width)) *
+ if (src_base >= get_local_mem_size(s) ||
+ src_base + (src_x + width + (src_y + height) * src_pitch) *
(1 << format) >= get_local_mem_size(s)) {
qemu_log_mask(LOG_GUEST_ERROR,
"sm501: 2D op src is outside vram.\n");
--
2.21.3
Re: [PATCH 0/4] More sm501 fixes and optimisations, BALATON Zoltan, 2020/06/12