On Wed, 15 Oct 2014 12:10:38 +0200 Gerd Hoffmann <kra...@redhat.com> wrote:
> Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL. > > Cc: qemu-sta...@nongnu.org > Signed-off-by: Gerd Hoffmann <kra...@redhat.com> > --- > hw/display/vmware_vga.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c > index 9d79de6..1fc9641 100644 > --- a/hw/display/vmware_vga.c > +++ b/hw/display/vmware_vga.c > @@ -29,8 +29,8 @@ > #include "hw/pci/pci.h" > > #undef VERBOSE > -#if 0 > #define HW_RECT_ACCEL > +#if 0 > #define HW_FILL_ACCEL > #endif > #define HW_MOUSE_ACCEL > @@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct > vmsvga_state_s *s, > int line = h; > uint8_t *ptr[2]; > > + if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { > + return; > + } > + if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) { > + return; > + } > + If I read this correctly, if either the source or destination are even partially off-screen, the copy silently fails, which sounds wrong. I'd suggest having this function return false if one of these checks fail so the caller can do something appropriate (like "goto badcmd"). -d > if (y1 > y0) { > ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1); > ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1); > -- > 1.8.3.1 > >
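Review bot: In the first hunk (@@ -29,8 +29,8 @@), the relocated "#if 0" now guards only "#define HW_FILL_ACCEL", and nothing in the file says why fill acceleration stays disabled while HW_RECT_ACCEL is switched back on. A short comment above the "#if 0" stating the reason HW_FILL_ACCEL remains off would keep a later change from re-enabling it without the matching verification.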
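Review bot: In the vmsvga_copy_rect hunk, both failed vmsvga_verify_rect checks end in a bare "return;" from a "static inline void" function, so the caller cannot tell a rejected rectangle from a completed copy. Consider changing the return type to bool and returning false when either the "vmsvga_copy_rect/src" or the "vmsvga_copy_rect/dst" check fails, so the caller can decide how to treat the rejected command instead of carrying on as if the copy happened.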