[PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate_region()

From:	Li Qiang
Subject:	[PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate_region()
Date:	Thu, 20 Aug 2020 08:32:28 -0700

In the while loop of cirrus_invalidate_region() the 'off_begin'
increases every loop. It may be greater than 's->cirrus_addr_mask' thus
trigger the assert in the loop.

Following reproducer is provied in:

-->https://bugs.launchpad.net/qemu/+bug/1880189

qemu-system-i386 -M isapc,accel=qtest -vga cirrus -qtest stdio << 'EOF'
outl 0x03b1 0x2fdc1001
outb 0x03cc 0xe
outb 0x03cc 0xe
outb 0x03cc 0x2f
outb 0x03cc 0xe
outb 0x03cc 0x2f
outb 0x03cc 0xe
outl 0x03cc 0xedc100e
outb 0x03cc 0x2f
outl 0x03cc 0xe24f40e
outl 0x03cc 0x2f23dc12
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0xe2af40e
outl 0x03cc 0x2f235612
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0x2fdcf40e
outb 0x03cc 0xe
outl 0x03cc 0xedc100e
outb 0x03cc 0x2f
outl 0x03cc 0xe24f40e
outl 0x03cc 0xe23dc12
outb 0x03cc 0x2f
outl 0x03cc 0xedc100e
outl 0x03cc 0x2fdc400e
outb 0x03cc 0xe
outl 0x03cc 0xe130100e
outb 0x03cc 0x2f
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0xe33f40e
outl 0x03cc 0xdc235612
outb 0x03cc 0xe
outl 0x03cc 0x2fdc400e
outb 0x03cc 0xe
outl 0x03cc 0xfb24100e
outb 0x03cc 0x2f
outl 0x03cc 0xdc10dc0e
outl 0x03cc 0x2f31dc12
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0xe23f40e
outl 0x03cc 0xe31dc12
outb 0x03cc 0x2f
outl 0x03cc 0x1021f40e
EOF

This patch fixes this.

Buglink: https://bugs.launchpad.net/qemu/+bug/1880189
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Li Qiang <liq3ea@163.com>
---
 hw/display/cirrus_vga.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 212d6f5e61..93fabd19a7 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -644,7 +644,7 @@ static void cirrus_invalidate_region(CirrusVGAState * s, 
int off_begin,
         off_cur_end = ((off_cur + bytesperline - 1) & s->cirrus_addr_mask) + 1;
         assert(off_cur_end >= off_cur);
         memory_region_set_dirty(&s->vga.vram, off_cur, off_cur_end - off_cur);
-        off_begin += off_pitch;
+        off_begin = (off_begin + off_pitch) & s->cirrus_addr_mask;
     }
 }
 
-- 
2.17.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate_region(), Li Qiang <=
- Re: [PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate_region(), Gerd Hoffmann, 2020/08/21

Prev by Date: Re: [RFC PATCH 07/22] block/export: Remove magic from block-export-add
Next by Date: Re: [PATCH v2 26/58] xen-legacy-backend: Add missing typedef XenLegacyDevice
Previous by thread: [Bug 1874539] Re: tulip driver broken in v5.0.0-rc4
Next by thread: Re: [PATCH] hw: cirrus_vga: mask 'off_begin' in cirrus_invalidate_region()
Index(es):
- Date
- Thread