A call to ati_2d_blt implies that the source will be vram. Checking bounds is useful in that case. Other sources (HOST_DATA) will not make sense to check against vram bounds.
Signed-off-by: Chad Jablonski <[email protected]> --- hw/display/ati_2d.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c index 8a820bc91f..463da001d9 100644 --- a/hw/display/ati_2d.c +++ b/hw/display/ati_2d.c @@ -153,13 +153,6 @@ static void ati_2d_do_blt(ATI2DCtx *ctx, uint8_t use_pixman) return; } int src_stride_words = ctx->src_stride / sizeof(uint32_t); - if (ctx->src.x > 0x3fff || ctx->src.y > 0x3fff - || ctx->src_bits >= ctx->vram_end - || ctx->src_bits + ctx->src.x + (ctx->src.y + ctx->dst.height) - * ctx->src_stride >= ctx->vram_end) { - qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); - return; - } DPRINTF("pixman_blt(%p, %p, %d, %d, %d, %d, %d, %d, %d, %d, %d, %d)\n", ctx->src_bits, ctx->dst_bits, src_stride_words, @@ -267,6 +260,12 @@ void ati_2d_blt(ATIVGAState *s) { ATI2DCtx ctx; setup_2d_blt_ctx(s, &ctx); + if (ctx.src.x > 0x3fff || ctx.src.y > 0x3fff + || ctx.src_bits >= ctx.vram_end || ctx.src_bits + ctx.src.x + + (ctx.src.y + ctx.dst.height) * ctx.src_stride >= ctx.vram_end) { + qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n"); + return; + } ati_2d_do_blt(&ctx, s->use_pixman); ati_set_dirty(&s->vga, &ctx); } -- 2.52.0
