Hi,
> > > What seems to happen is that blit_is_unsafe() is also called for
> > > CIRRUS_BLTMODE_PATTERNCOPY, but in this case cirrus_blt_srcpitch is
> > > not used. However, because of this new check if its value is 0 then
> > > cirrus_bitblt_common_patterncopy() returns early and becomes a no-o
On Wed, Jan 11, 2017 at 09:43:41PM +0100, Gerd Hoffmann wrote:
> On Mi, 2017-01-11 at 16:59 +0200, Alberto Garcia wrote:
> > On Mon, Nov 28, 2016 at 11:52:08AM +0530, P J P wrote:
> > > | > --- a/hw/display/cirrus_vga.c
> > > | > +++ b/hw/display/cirrus_vga.c
> > > | > @@ -272,6 +272,9 @@ static vo
On Mi, 2017-01-11 at 16:59 +0200, Alberto Garcia wrote:
> On Mon, Nov 28, 2016 at 11:52:08AM +0530, P J P wrote:
> > | > --- a/hw/display/cirrus_vga.c
> > | > +++ b/hw/display/cirrus_vga.c
> > | > @@ -272,6 +272,9 @@ static void
> > cirrus_update_memory_access(CirrusVGAState
> > | > *s);
> > | >
On Mon, Nov 28, 2016 at 11:52:08AM +0530, P J P wrote:
> | > --- a/hw/display/cirrus_vga.c
> | > +++ b/hw/display/cirrus_vga.c
> | > @@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState
> | > *s);
> | > static bool blit_region_is_unsafe(struct CirrusVGAState *s,
> | >
+-- On Mon, 28 Nov 2016, P J P wrote --+
| +-- On Wed, 16 Nov 2016, Marc-André Lureau wrote --+
| | For completeness, do you have a reproducer and/or a backtrace?
|
| Yes, there is.
|
| ===
| Thread 4 "qemu-system-x86" received signal SIGFPE, Arithmetic exception.
| [Switching to Thread 0x700
Hello Marc, all
+-- On Wed, 16 Nov 2016, Marc-André Lureau wrote --+
| For completeness, do you have a reproducer and/or a backtrace?
Yes, there is.
===
Thread 4 "qemu-system-x86" received signal SIGFPE, Arithmetic exception.
[Switching to Thread 0x7002c700 (LWP 10506)]
0x5599fe2e
Hi
On Tue, Oct 18, 2016 at 11:46 AM P J P wrote:
> From: Prasad J Pandit
>
> In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA,
> 'cirrus_get_bpp' returns zero(0), which could lead to a divide
> by zero error while copying pixel data. The same could occur
> via blit pitch valu
+-- On Tue, 18 Oct 2016, P J P wrote --+
| From: Prasad J Pandit
|
| In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA,
| 'cirrus_get_bpp' returns zero(0), which could lead to a divide
| by zero error while copying pixel data. The same could occur
| via blit pitch values. Add ch
From: Prasad J Pandit
In Cirrus CLGD 54xx VGA Emulator, if cirrus graphics mode is VGA,
'cirrus_get_bpp' returns zero(0), which could lead to a divide
by zero error while copying pixel data. The same could occur
via blit pitch values. Add check to avoid it.
Reported-by: Huawei PSIRT
Signed-o