From: Avi Kivity <avi@redhat.com> To: Anthony Liguori <anthony@codemonkey.ws> Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org Subject: [PATCH] Fix vga segfaults or screen corruption with large memory guests Date: Mon, 13 Apr 2009 13:10:47 +0300 [thread overview] Message-ID: <1239617447-4809-1-git-send-email-avi@redhat.com> (raw) page0 and friends are ram addresses; a smaller size will overflow and cause a segfault or random corruption. Change them to ram_addr_t. Signed-off-by: Avi Kivity <avi@redhat.com> --- hw/vga.c | 11 ++++++----- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/hw/vga.c b/hw/vga.c index b53b743..22edec1 100644 --- a/hw/vga.c +++ b/hw/vga.c @@ -1587,8 +1587,9 @@ static void vga_sync_dirty_bitmap(VGAState *s) */ static void vga_draw_graphic(VGAState *s, int full_update) { - int y1, y, update, page_min, page_max, linesize, y_start, double_scan, mask, depth; - int width, height, shift_control, line_offset, page0, page1, bwidth, bits; + int y1, y, update, linesize, y_start, double_scan, mask, depth; + int width, height, shift_control, line_offset, bwidth, bits; + ram_addr_t page0, page1, page_min, page_max; int disp_width, multi_scan, multi_run; uint8_t *d; uint32_t v, addr1, addr; @@ -1726,8 +1727,8 @@ static void vga_draw_graphic(VGAState *s, int full_update) addr1 = (s->start_addr * 4); bwidth = (width * bits + 7) / 8; y_start = -1; - page_min = 0x7fffffff; - page_max = -1; + page_min = -1; + page_max = 0; d = ds_get_data(s->ds); linesize = ds_get_linesize(s->ds); y1 = 0; @@ -1794,7 +1795,7 @@ static void vga_draw_graphic(VGAState *s, int full_update) disp_width, y - y_start); } /* reset modified pages */ - if (page_max != -1) { + if (page_max >= page_min) { cpu_physical_memory_reset_dirty(page_min, page_max + TARGET_PAGE_SIZE, VGA_DIRTY_FLAG); } -- 1.6.1.1
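Review bot: In the declarations hunk (@@ -1587,8 +1587,9), page0, page1, page_min and page_max become ram_addr_t, but the context line `uint32_t v, addr1, addr;` is left as it was. If page0 and page1 are computed from addr or from other int operands, that arithmetic still happens at 32 bits and is only widened on assignment, so please confirm that every operand that can carry a RAM offset is ram_addr_t (or is cast) at the point of the addition, and say so in the commit message.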
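Review bot: In the initialisation hunk (@@ -1726,8 +1727,8), `page_min = -1;` works as a "largest possible address" sentinel only because ram_addr_t is unsigned, and nothing on the line says so. Writing it as `page_min = (ram_addr_t)-1;` makes the intent explicit and avoids sign-conversion warnings. The commit message describes the type change but not this switch of sentinels from 0x7fffffff / -1 to -1 / 0, which deserves a sentence.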
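Review bot: In the last hunk (@@ -1794,7 +1795,7), the new test `page_max >= page_min` is only meaningful as a pair with the initial values set in the previous hunk, and it assumes the drawing loop always updates page_min and page_max together. A one-line comment above the test stating that page_max < page_min means no page was touched would keep a later change to either initial value from silently making the cpu_physical_memory_reset_dirty() call unconditional or unreachable.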