From patchwork Mon Feb 16 21:23:08 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?UmFkaW0gS3LEjW3DocWZ?= X-Patchwork-Id: 440356
From: =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= To: qemu-devel@nongnu.org Date: Mon, 16 Feb 2015 22:23:08 +0100 Message-Id: <1424121788-24560-3-git-send-email-rkrcmar@redhat.com> In-Reply-To: <1424121788-24560-1-git-send-email-rkrcmar@redhat.com> References: <1424121788-24560-1-git-send-email-rkrcmar@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-MIME-Autoconverted: from 8bit to quoted-printable by mx1.redhat.com id t1GLNiYF002339 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 209.132.183.28 Cc: Gerd Hoffmann Subject: [Qemu-devel] [PATCH 2/2] qxl: surface0 and ram_header should fit into vram X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The solution is not perfect, but won't let us do the same error again and has no overhead. Signed-off-by: Radim Krčmář --- hw/display/qxl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 61df47726481..d5e85d033080 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -367,6 +367,8 @@ static void init_qxl_rom(PCIQXLDevice *d) num_pages -= surface0_area_size; num_pages = num_pages / QXL_PAGE_SIZE; + assert(surface0_area_size + ram_header_size <= d->vga.vram_size); + rom->draw_area_offset = cpu_to_le32(0); rom->surface0_area_size = cpu_to_le32(surface0_area_size); rom->pages_offset = cpu_to_le32(surface0_area_size);
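Review bot: the added `assert(surface0_area_size + ram_header_size <= d->vga.vram_size);` sits after `num_pages -= surface0_area_size;` and the division by QXL_PAGE_SIZE, so the arithmetic it is meant to guard has already run by the time the check fires; placing the check above the num_pages computation in init_qxl_rom() would keep the guard ahead of the values it protects. An assert is also compiled out when NDEBUG is defined and otherwise aborts the whole process, so if these sizes can be influenced by device configuration, a check that fails device initialization with an error message would hold up better than an abort. The commit message refers to "the same error" without naming it; one sentence describing the original failure would make the log entry usable on its own.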