From: Gerd Hoffmann
Date: Wed, 29 Oct 2014 12:56:10 +0100
Subject: [PATCH] vmware-vga: use vmsvga_verify_rect in vmsvga_fill_rect

Add verification to vmsvga_fill_rect, re-enable HW_FILL_ACCEL.

Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann
Reviewed-by: Don Koch
---
 hw/display/vmware_vga.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index c2e0a43..d44e3e8 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -30,9 +30,7 @@
 #undef VERBOSE
 #define HW_RECT_ACCEL
-#if 0
 #define HW_FILL_ACCEL
-#endif
 #define HW_MOUSE_ACCEL
 #include "vga_int.h"
@@ -444,7 +442,7 @@ static inline int vmsvga_copy_rect(struct vmsvga_state_s *s,
 #endif
 #ifdef HW_FILL_ACCEL
-static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
+static inline int vmsvga_fill_rect(struct vmsvga_state_s *s,
 uint32_t c, int x, int y, int w, int h)
 {
 DisplaySurface *surface = qemu_console_surface(s->vga.con);
@@ -457,6 +455,10 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
 uint8_t *src;
 uint8_t col[4];
+ if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) {
+ return -1;
+ }
+
 col[0] = c;
 col[1] = c >> 8;
 col[2] = c >> 16;
@@ -481,6 +483,7 @@ static inline void vmsvga_fill_rect(struct vmsvga_state_s *s,
 }
 vmsvga_update_rect_delayed(s, x, y, w, h);
+ return 0;
 }
 #endif
@@ -613,12 +616,12 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s)
 width = vmsvga_fifo_read(s);
 height = vmsvga_fifo_read(s);
 #ifdef HW_FILL_ACCEL
- vmsvga_fill_rect(s, colour, x, y, width, height);
- break;
-#else
+ if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) {
+ break;
+ }
+#endif
 args = 0;
 goto badcmd;
-#endif
 case SVGA_CMD_RECT_COPY:
 len -= 7;
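Review bot: With the `#if 0` guard removed, `HW_FILL_ACCEL` is defined unconditionally, and nothing next to the define records why the fill path was disabled or what makes it safe to compile in again. The safety now rests entirely on the `vmsvga_verify_rect()` call added further down in `vmsvga_fill_rect()`. I would note that dependency at the define, e.g. `/* HW_FILL_ACCEL: vmsvga_fill_rect() must validate its rectangle with vmsvga_verify_rect() before writing */`, so a later refactor does not drop the check while leaving the feature on.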
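Review bot: The `vmsvga_verify_rect()` call in `vmsvga_fill_rect()` is placed after the local declarations, so any initialiser above it that already does arithmetic on `w` or `h` still runs on unvalidated values. The declarations between the opening brace and `uint8_t *src;` are outside the hunks, so this needs checking in the full file; if one exists, such as a byte width derived from `w`, it should move below the check. The function also changes from `void` to `int` without documenting the contract; I would add `/* Returns 0 on success, -1 if the rectangle fails vmsvga_verify_rect(); nothing is written in that case. */` above the signature.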
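Review bot: In `vmsvga_fifo_run()`, a fill that `vmsvga_fill_rect()` rejects falls out of the `#ifdef HW_FILL_ACCEL` block into `args = 0; goto badcmd;`, the same path taken when fill acceleration is compiled out. `width` and `height` come straight from `vmsvga_fifo_read()`, so this is the guest-controlled path, and at `badcmd` (outside the hunk) a rejected rectangle presumably cannot be told apart from an unsupported command. I would mark the fall-through inside the `#ifdef`, right after the `if` block, with `/* rectangle rejected by vmsvga_verify_rect(): handle as a bad command */`. It is also worth confirming that `badcmd` with `args = 0` does not skip or rewind FIFO words beyond those already read for this command.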