Message ID | 20240402113408.18048-4-pbonzini@redhat.com |
---|---|
State | New |
Series | vga: fix assertion failure with 4- and 16-color modes |
On 2/4/24 13:34, Paolo Bonzini wrote:
> When pel panning is active, one more byte is read from each of the VGA
> memory planes. This has to be accounted for in the computation of region_end,
> otherwise vga_draw_graphic() fails an assertion:
>
> qemu-system-i386: ../system/physmem.c:946: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed.
>
> Reported-by: Helge Konetzka <hk@zapateado.de>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2244
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> hw/display/vga.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
diff --git a/hw/display/vga.c b/hw/display/vga.c index b4ceff70eb8..40acd19e72a 100644 --- a/hw/display/vga.c +++ b/hw/display/vga.c @@ -1571,11 +1571,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) break; } } + hpel = bits <= 8 ? s->params.hpel : 0; region_start = (s->params.start_addr * 4); region_end = region_start + (ram_addr_t)s->params.line_offset * height; region_end += width * depth / 8; /* scanline length */ region_end -= s->params.line_offset; + if (hpel) { + region_end += 4; + } if (region_end > s->vbe_size || depth == 0 || depth == 15) { /* * We land here on: @@ -1660,7 +1664,6 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE], s->params.line_compare, sr(s, VGA_SEQ_CLOCK_MODE)); #endif - hpel = bits <= 8 ? s->params.hpel : 0; addr1 = (s->params.start_addr * 4); bwidth = DIV_ROUND_UP(width * bits, 8); if (hpel) {
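Review bot: in the first hunk (@@ -1571), the `region_end += 4;` inside `if (hpel)` is an unexplained constant and deserves a comment. The commit message says pel panning reads one more byte from each of the VGA memory planes, and the surrounding `region_start = (s->params.start_addr * 4);` reflects the four interleaved planes per address, so the 4 is one byte times four planes; something like `/* pel panning reads one more byte from each of the 4 planes */` would make that explicit. Hoisting the `hpel = bits <= 8 ? s->params.hpel : 0;` assignment ahead of the `region_end > s->vbe_size` check is the right order: the extra bytes are now part of the range that is bounds-checked before the dirty-memory snapshot is taken, which is what stops the `start + length <= snap->end` assertion from firing.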
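Review bot: in the second hunk (@@ -1660), deleting the assignment leaves the `if (hpel) {` after `bwidth = DIV_ROUND_UP(width * bits, 8);` depending on a value now computed about ninety lines earlier next to `region_end`, with the `#ifdef DEBUG_VGA` block in between; the two sites have to stay in sync if either is touched, so a one-line comment at the use (e.g. `/* hpel was computed together with region_end above */`) would spare the next reader a search. Behaviour is otherwise unchanged: `bits` is fixed by the switch that closes just before the first hunk, so evaluating `bits <= 8 ? s->params.hpel : 0` earlier gives the same value.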
When pel panning is active, one more byte is read from each of the VGA
memory planes. This has to be accounted for in the computation of region_end,
otherwise vga_draw_graphic() fails an assertion:

qemu-system-i386: ../system/physmem.c:946: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed.

Reported-by: Helge Konetzka <hk@zapateado.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2244
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 hw/display/vga.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)