qemu-devel
Re: [RFC PATCH-for-7.2 3/4] hw/display/qxl: Pass requested buffer size t


From: Philippe Mathieu-Daudé
Subject: Re: [RFC PATCH-for-7.2 3/4] hw/display/qxl: Pass requested buffer size to qxl_phys2virt()
Date: Mon, 28 Nov 2022 12:11:37 +0100
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.0

On 28/11/22 09:22, Marc-André Lureau wrote:
On Fri, Nov 25, 2022 at 9:35 PM Philippe Mathieu-Daudé
<philmd@linaro.org> wrote:

Currently qxl_phys2virt() doesn't check for buffer overrun.
In order to do so in the next commit, pass the buffer size
as argument.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>



---
RFC: Please double-check qxl_render_update_area_unlocked()
---
  hw/display/qxl-logger.c | 11 ++++++++---
  hw/display/qxl-render.c | 11 +++++++----
  hw/display/qxl.c        | 14 +++++++++-----
  hw/display/qxl.h        |  4 +++-
  4 files changed, 27 insertions(+), 13 deletions(-)


diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
index ca217004bf..1b0a50c1aa 100644
--- a/hw/display/qxl-render.c
+++ b/hw/display/qxl-render.c
@@ -107,7 +107,8 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice 
*qxl)
          qxl->guest_primary.resized = 0;
          qxl->guest_primary.data = qxl_phys2virt(qxl,
                                                  
qxl->guest_primary.surface.mem,
-                                                MEMSLOT_GROUP_GUEST);
+                                                MEMSLOT_GROUP_GUEST,
+                                                sizeof(uint32_t) * width * 
height);
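
Review bot: the length passed at the qxl_phys2virt() call, sizeof(uint32_t) * width * height, hard-codes four bytes per pixel and ignores row stride, so the range that gets checked can be smaller than the range later accessed through guest_primary.data when rows are padded or the surface is not 32 bpp. Derive the length from the same stride and height the renderer uses for access, and do the multiplication in a type wide enough that it cannot wrap before the callee sees it. The visible lines also assign the result straight to guest_primary.data; once the callee can reject a range, that assignment needs a failure check.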

It looks wrong, I think it should be:

qxl->guest_primary.abs_stride * height * qxl->guest_primary.bytes_pp

Isn't "bytes_pp" included in "abs_stride"?

If so, then "qxl->guest_primary.abs_stride * height" is enough.
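
The question in this thread, which length to hand to a bounds-checked address translation, can be shown with a small stand-alone model. This is an added example, not QEMU code and not part of the original message; `DemoSlot`, `demo_surface_bytes`, `demo_phys2virt`, `demo_translate_ok` and the surface dimensions are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a guest memory slot; not QEMU's structure. */
typedef struct {
    uint8_t *host_base;  /* host mapping of the slot */
    uint64_t size;       /* slot length in bytes */
} DemoSlot;

/* Bytes spanned by a surface: |stride| * height. Both operands are at most
 * 32 bits wide, so the 64-bit product cannot wrap. */
static uint64_t demo_surface_bytes(int32_t stride, uint32_t height)
{
    uint64_t abs_stride = stride < 0 ? (uint64_t)(-(int64_t)stride)
                                     : (uint64_t)stride;
    return abs_stride * height;
}

/* Return a host pointer for [offset, offset + len), or NULL if any byte of
 * that range lies outside the slot. Written so offset + len is never formed. */
static void *demo_phys2virt(const DemoSlot *slot, uint64_t offset, uint64_t len)
{
    if (offset > slot->size || len > slot->size - offset) {
        return NULL;
    }
    return slot->host_base + offset;
}

/* Run the check against a constructed 4096-byte slot. */
static int demo_translate_ok(uint64_t offset, uint64_t len)
{
    static uint8_t backing[4096];
    DemoSlot slot = { backing, sizeof(backing) };
    return demo_phys2virt(&slot, offset, len) != NULL;
}

int main(void)
{
    /* Constructed surface: 100 x 10 pixels, rows padded to 512 bytes. */
    uint64_t by_width  = sizeof(uint32_t) * 100u * 10u;
    uint64_t by_stride = demo_surface_bytes(512, 10);
    printf("width-based  %llu -> %s\n", (unsigned long long)by_width,
           demo_translate_ok(0, by_width) ? "accepted" : "rejected");
    printf("stride-based %llu -> %s\n", (unsigned long long)by_stride,
           demo_translate_ok(0, by_stride) ? "accepted" : "rejected");
    return 0;
}
```

With padded rows the width-based length fits inside the slot while the stride-based length does not, so a check fed the smaller number would approve a range the renderer then walks past.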



