|
 |
725f84 |
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
725f84 |
Date: Wed, 29 Oct 2014 12:56:09 +0100
|
|
|
725f84 |
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect
|
|
|
725f84 |
|
|
|
725f84 |
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
|
|
|
725f84 |
|
|
|
725f84 |
Cc: qemu-stable@nongnu.org
|
|
|
725f84 |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
725f84 |
Reviewed-by: Don Koch <dkoch@verizon.com>
|
|
|
725f84 |
---
|
|
|
725f84 |
hw/display/vmware_vga.c | 20 ++++++++++++++------
|
|
|
725f84 |
1 file changed, 14 insertions(+), 6 deletions(-)
|
|
|
725f84 |
|
|
|
725f84 |
diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
|
|
|
725f84 |
index 718746e..c2e0a43 100644
|
|
|
725f84 |
--- a/hw/display/vmware_vga.c
|
|
|
725f84 |
+++ b/hw/display/vmware_vga.c
|
|
|
725f84 |
@@ -29,8 +29,8 @@
|
|
|
725f84 |
#include "hw/pci/pci.h"
|
|
|
725f84 |
|
|
|
725f84 |
#undef VERBOSE
|
|
|
725f84 |
-#if 0
|
|
|
725f84 |
#define HW_RECT_ACCEL
|
|
|
725f84 |
+#if 0
|
|
|
725f84 |
#define HW_FILL_ACCEL
|
|
|
725f84 |
#endif
|
|
|
725f84 |
#define HW_MOUSE_ACCEL
|
|
|
725f84 |
@@ -406,7 +406,7 @@ static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s)
|
|
|
725f84 |
}
|
|
|
725f84 |
|
|
|
725f84 |
#ifdef HW_RECT_ACCEL
|
|
|
725f84 |
-static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
|
|
725f84 |
+static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
|
|
|
725f84 |
int x0, int y0, int x1, int y1, int w, int h)
|
|
|
725f84 |
{
|
|
|
725f84 |
DisplaySurface *surface = qemu_console_surface(s->vga.con);
|
|
|
725f84 |
@@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
|
|
725f84 |
int line = h;
|
|
|
725f84 |
uint8_t *ptr[2];
|
|
|
725f84 |
|
|
|
725f84 |
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) {
|
|
|
725f84 |
+ return -1;
|
|
|
725f84 |
+ }
|
|
|
725f84 |
+ if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) {
|
|
|
725f84 |
+ return -1;
|
|
|
725f84 |
+ }
|
|
|
725f84 |
+
|
|
|
725f84 |
if (y1 > y0) {
|
|
|
725f84 |
ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
|
|
|
725f84 |
ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
|
|
|
725f84 |
@@ -432,6 +439,7 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
|
|
|
725f84 |
}
|
|
|
725f84 |
|
|
|
725f84 |
vmsvga_update_rect_delayed(s, x1, y1, w, h);
|
|
|
725f84 |
+ return 0;
|
|
|
725f84 |
}
|
|
|
725f84 |
#endif
|
|
|
725f84 |
|
|
|
725f84 |
@@ -625,12 +633,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
|
|
|
725f84 |
width = vmsvga_fifo_read(s);
|
|
|
725f84 |
height = vmsvga_fifo_read(s);
|
|
|
725f84 |
#ifdef HW_RECT_ACCEL
|
|
|
725f84 |
- vmsvga_copy_rect(s, x, y, dx, dy, width, height);
|
|
|
725f84 |
- break;
|
|
|
725f84 |
-#else
|
|
|
725f84 |
+ if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) {
|
|
|
725f84 |
+ break;
|
|
|
725f84 |
+ }
|
|
|
725f84 |
+#endif
|
|
|
725f84 |
args = 0;
|
|
|
725f84 |
goto badcmd;
|
|
|
725f84 |
-#endif
|
|
|
725f84 |
|
|
|
725f84 |
case SVGA_CMD_DEFINE_CURSOR:
|
|
|
725f84 |
len -= 8;
|