From nobody Fri Nov 14 19:24:24 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1589814869; cv=none; d=zohomail.com; s=zohoarc; b=cp9JSfKRpnnXxb3KFxilBTevFzDIf0i/Vd35OnV9JYAGO+qZc7PASRZINF9LG3IQIKpeqlHpqoG2U7D4K1pRwrkvoSYyh2Bud6HNGBwD+fQjUTrtCpWLVV417TNhXPODtbac8IYuDUrwB6LdlvrAUsWemCRGukmOlT734b2xsNk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589814869; h=Content-Type:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To; bh=m+oXLR/s2hsUzUabYgFwDLrpvj1T3gZYj4iuWFEwGKY=; b=D7+6fkixffAX4FjMiRWlJzKAcfiGv5YKCUplY+qncpaa64SrPPawh7nwFpJexiKrDqrpHQFgdtmks6ByNRCUBFyposlUfe2baZKQsjn/joCOvpVmml+vW7243b/vZoJvnnbOmChnm1H2S421RRw+8feifmjp17yOduDWNhR1Uyw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1589814869121833.9221962314397; Mon, 18 May 2020 08:14:29 -0700 (PDT) Received: from localhost ([::1]:37660 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jahTG-0001Oe-Td for importer@patchew.org; Mon, 18 May 2020 11:14:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47632) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jahS2-0008CW-Rx for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:10 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:41654 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jahS1-0005xG-T8 for qemu-devel@nongnu.org; Mon, 18 May 2020 11:13:10 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-462-1Q3EqMwkP5yxQ8k2pWoYLg-1; Mon, 18 May 2020 11:13:06 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 3EA49EC1A2; Mon, 18 May 2020 15:13:05 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-113-50.ams2.redhat.com [10.36.113.50]) by smtp.corp.redhat.com (Postfix) with ESMTP id C45515D9DD; Mon, 18 May 2020 15:13:04 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id C82BE9D54; Mon, 18 May 2020 17:12:55 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1589814788; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type:in-reply-to:in-reply-to: references:references; bh=m+oXLR/s2hsUzUabYgFwDLrpvj1T3gZYj4iuWFEwGKY=; b=Voql2cjRyEIkW3v4w7VQzED3Dz7ZQDHytrvUbuuNoqrCPssRegON+L7Bo3Mgxb63CdUKzG Nr2erfd4etPdBYErRzuL5K/fnKAw9ctm1/U5pQ9SU7bhslHPcaN7el/pe++lsqczif25ns PKnPhk30lNLlTHx4F4cuBvY45GekXCY= X-MC-Unique: 1Q3EqMwkP5yxQ8k2pWoYLg-1 From: Gerd Hoffmann To: qemu-devel@nongnu.org Subject: [PULL 8/8] ramfb: fix size calculation Date: Mon, 18 May 2020 17:12:55 +0200 Message-Id: <20200518151255.10785-9-kraxel@redhat.com> In-Reply-To: <20200518151255.10785-1-kraxel@redhat.com> References: <20200518151255.10785-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.139.110.120; envelope-from=kraxel@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/05/17 22:51:00 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Thomas Huth , Paolo Bonzini , Alex Williamson , Gerd Hoffmann Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" size calculation isn't correct with guest-supplied stride, the last display line isn't accounted for correctly. For the typical case of stride > linesize (add padding) we error on the safe side (calculated size is larger than actual size). With stride < linesize (scanlines overlap) the calculated size is smaller than the actual size though so our guest memory mapping might end up being too small. While being at it also fix ramfb_create_display_surface to use hwaddr for the parameters. That way all calculation are done with hwaddr type and we can't get funny effects from type castings. Signed-off-by: Gerd Hoffmann Acked-by: Laszlo Ersek Message-id: 20200429115236.28709-7-kraxel@redhat.com --- hw/display/ramfb.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/hw/display/ramfb.c b/hw/display/ramfb.c index 52dae78db48f..79b9754a5820 100644 --- a/hw/display/ramfb.c +++ b/hw/display/ramfb.c @@ -44,10 +44,10 @@ static void ramfb_unmap_display_surface(pixman_image_t = *image, void *unused) =20 static DisplaySurface *ramfb_create_display_surface(int width, int height, pixman_format_code_t f= ormat, - int linesize, uint64_t= addr) + hwaddr stride, hwaddr = addr) { DisplaySurface *surface; - hwaddr size; + hwaddr size, mapsize, linesize; void *data; =20 if (width < 16 || width > VBE_DISPI_MAX_XRES || @@ -55,19 +55,20 @@ static DisplaySurface *ramfb_create_display_surface(int= width, int height, format =3D=3D 0 /* unknown format */) return NULL; =20 - if (linesize =3D=3D 0) { - linesize =3D width * PIXMAN_FORMAT_BPP(format) / 8; + linesize =3D width * PIXMAN_FORMAT_BPP(format) / 8; + if (stride =3D=3D 0) { + stride =3D linesize; } =20 - size =3D (hwaddr)linesize * height; - data =3D cpu_physical_memory_map(addr, &size, false); - if (size !=3D (hwaddr)linesize * height) { - cpu_physical_memory_unmap(data, size, 0, 0); + mapsize =3D size =3D stride * (height - 1) + linesize; + data =3D cpu_physical_memory_map(addr, &mapsize, false); + if (size !=3D mapsize) { + cpu_physical_memory_unmap(data, mapsize, 0, 0); return NULL; } =20 surface =3D qemu_create_displaysurface_from(width, height, - format, linesize, data); + format, stride, data); pixman_image_set_destroy_function(surface->image, ramfb_unmap_display_surface, NULL); =20 --=20 2.18.4