Re: [Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect

2014-10-16 Thread Don Koch
On Wed, 15 Oct 2014 12:10:38 +0200
Gerd Hoffmann kra...@redhat.com wrote:

 Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.
 
 Cc: qemu-sta...@nongnu.org
 Signed-off-by: Gerd Hoffmann kra...@redhat.com
 ---
  hw/display/vmware_vga.c | 9 -
  1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
 index 9d79de6..1fc9641 100644
 --- a/hw/display/vmware_vga.c
 +++ b/hw/display/vmware_vga.c
 @@ -29,8 +29,8 @@
  #include hw/pci/pci.h
  
  #undef VERBOSE
 -#if 0
  #define HW_RECT_ACCEL
 +#if 0
  #define HW_FILL_ACCEL
  #endif
  #define HW_MOUSE_ACCEL
 @@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct 
 vmsvga_state_s *s,
  int line = h;
  uint8_t *ptr[2];
  
 +if (!vmsvga_verify_rect(surface, vmsvga_copy_rect/src, x0, y0, w, h)) {
 +return;
 +}
 +if (!vmsvga_verify_rect(surface, vmsvga_copy_rect/dst, x1, y1, w, h)) {
 +return;
 +}
 +

If I read this correctly, if either the source or the destination is even partially
off-screen, the copy silently fails, which sounds wrong.

I'd suggest having this function return false if one of these checks fails, so the
caller can do something appropriate (like goto badcmd).

-d

  if (y1  y0) {
  ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
  ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
 -- 
 1.8.3.1
 
 



[Qemu-devel] [PATCH v2 4/5] vmware-vga: use vmsvga_verify_rect in vmsvga_copy_rect

2014-10-15 Thread Gerd Hoffmann
Add verification to vmsvga_copy_rect, re-enable HW_RECT_ACCEL.

Cc: qemu-sta...@nongnu.org
Signed-off-by: Gerd Hoffmann kra...@redhat.com
---
 hw/display/vmware_vga.c | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c
index 9d79de6..1fc9641 100644
--- a/hw/display/vmware_vga.c
+++ b/hw/display/vmware_vga.c
@@ -29,8 +29,8 @@
 #include hw/pci/pci.h
 
 #undef VERBOSE
-#if 0
 #define HW_RECT_ACCEL
+#if 0
 #define HW_FILL_ACCEL
 #endif
 #define HW_MOUSE_ACCEL
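Review bot: After this move the `#if 0` block guards only `HW_FILL_ACCEL`, and nothing says why fill acceleration stays compiled out while rect copy is switched back on. A one-line comment above it would keep a later cleanup from dropping the guard before the fill path gets the same validation, for example `/* HW_FILL_ACCEL stays disabled until vmsvga_fill_rect validates its rectangle */`. That reason is inferred from the commit message; the fill code is not part of this patch.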
@@ -417,6 +417,13 @@ static inline void vmsvga_copy_rect(struct vmsvga_state_s *s,
 int line = h;
 uint8_t *ptr[2];
 
+if (!vmsvga_verify_rect(surface, vmsvga_copy_rect/src, x0, y0, w, h)) {
+return;
+}
+if (!vmsvga_verify_rect(surface, vmsvga_copy_rect/dst, x1, y1, w, h)) {
+return;
+}
+
 if (y1  y0) {
 ptr[0] = vram + bypp * x0 + bypl * (y0 + h - 1);
 ptr[1] = vram + bypp * x1 + bypl * (y1 + h - 1);
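Review bot: The offsets computed right after the new checks, `bypl * (y0 + h - 1)` and `bypl * (y1 + h - 1)`, are safe only if `vmsvga_verify_rect` also rejects zero or negative `w`/`h` and keeps the products in range, and its body is not shown in this patch. If the helper accepts `h == 0`, a copy at `y0 == 0` forms a pointer one row before `vram`; an explicit `if (w <= 0 || h <= 0) { return; }` next to the two checks would close that regardless of what the helper does. A short comment above the checks, e.g. `/* coordinates are presumably guest-supplied: validate both rectangles before computing vram offsets */`, would document why they must stay ahead of the pointer arithmetic. The body of vmsvga_copy_rect starts and ends outside the hunk.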
-- 
1.8.3.1