We check end of screen before writing the pixel but before that
complement color also accesses screen pixel so we have to check before
that. This fixes a segmentation fault with guest_hwcursor when pointer
is partially out of screen at lower right corner.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
---
hw/display/ati.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/hw/display/ati.c b/hw/display/ati.c
index 7543065456..9fb798b3e9 100644
--- a/hw/display/ati.c
+++ b/hw/display/ati.c
@@ -216,6 +216,9 @@ static void ati_cursor_draw_line(VGACommonState *vga, uint8_t *d, int scr_y)
uint8_t abits = vga_read_byte(vga, srcoff + i);
uint8_t xbits = vga_read_byte(vga, srcoff + i + 8);
for (j = 0; j < 8; j++, abits <<= 1, xbits <<= 1, idx++) {
+ if (vga->hw_cursor_x + idx >= h) {
+ return; /* end of screen, don't span to next line */
+ }
if (abits & BIT(7)) {
if (xbits & BIT(7)) {
color = dp[idx] ^ 0xffffffff; /* complement */
@@ -226,9 +229,6 @@ static void ati_cursor_draw_line(VGACommonState *vga, uint8_t *d, int scr_y)
color = (xbits & BIT(7) ? s->regs.cur_color1 :
s->regs.cur_color0) | 0xff000000;
}
- if (vga->hw_cursor_x + idx >= h) {
- return; /* end of screen, don't span to next line */
- }
dp[idx] = color;
}
}
--
2.41.3