> -----Original Message-----
> From: Qemu-devel
> [mailto:qemu-devel-bounces+liqiang6-s=360.cn@nongnu.org] On Behalf Of
> Gerd Hoffmann
> Sent: Friday, March 17, 2017 3:22 PM
> To: qemu-devel@nongnu.org
> Cc: Gerd Hoffmann
> Subject: [Qemu-devel] [PATCH] cirrus: fix off-by-one in
> cirrus_bitblt_rop_bkwd_transp_*_16
>
> The switch from pointers to addresses (commit
> 026aeffcb4752054830ba203020ed6eb05bcaba8 and
> ffaf857778286ca54e3804432a2369a279e73aa7) added a off-by-one bug to
> 16bit backward blits. Fix.
>
> Reported-by: 李强 <liqiang6-s@360.cn>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Li Qiang <liqiang6-s@360.cn>
> ---
> hw/display/cirrus_vga_rop.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/display/cirrus_vga_rop.h b/hw/display/cirrus_vga_rop.h index
> c61a677..0841b9e 100644
> --- a/hw/display/cirrus_vga_rop.h
> +++ b/hw/display/cirrus_vga_rop.h
> @@ -219,7 +219,7 @@ glue(glue(cirrus_bitblt_rop_bkwd_transp_,
> ROP_NAME),_16)(CirrusVGAState *s,
> srcpitch += bltwidth;
> for (y = 0; y < bltheight; y++) {
> for (x = 0; x < bltwidth; x+=2) {
> - ROP_OP_TR_16(s, dstaddr, cirrus_src16(s, srcaddr), transp);
> + ROP_OP_TR_16(s, dstaddr - 1, cirrus_src16(s, srcaddr - 1),
> + transp);
> dstaddr -= 2;
> srcaddr -= 2;
> }
> --
> 1.8.3.1
>