Context Navigation

qemu-cirrus-bounds-checks @ 34

Last change on this file since 34 was 34, checked in by hartmans, 17 years ago
Add xen and xen-common
File size: 11.0 KB

Line
1	Index: ioemu/hw/cirrus_vga.c
2	===================================================================
3	--- ioemu.orig/hw/cirrus_vga.c 2007-05-03 14:55:45.000000000 +0100
4	+++ ioemu/hw/cirrus_vga.c 2007-05-03 14:58:05.000000000 +0100
5	@@ -601,7 +601,8 @@
6	off_cur_end = off_cur + bytesperline;
7	off_cur &= TARGET_PAGE_MASK;
8	while (off_cur < off_cur_end) {
9	- cpu_physical_memory_set_dirty(s->vram_offset + off_cur);
10	+ cpu_physical_memory_set_dirty(s->vram_offset +
11	+ (off_cur & s->cirrus_addr_mask));
12	off_cur += TARGET_PAGE_SIZE;
13	}
14	off_begin += off_pitch;
15	Index: ioemu/hw/cirrus_vga_rop.h
16	===================================================================
17	--- ioemu.orig/hw/cirrus_vga_rop.h 2007-05-02 10:30:05.000000000 +0100
18	+++ ioemu/hw/cirrus_vga_rop.h 2007-05-03 14:58:22.000000000 +0100
19	@@ -22,18 +22,36 @@
20	* THE SOFTWARE.
21	*/
22
23	+#define get_base(p, s, b) do { \
24	+ if ((p) >= (s)->vram_ptr && (p) < (s)->vram_ptr + (s)->vram_size) \
25	+ (b) = (s)->vram_ptr; \
26	+ else if ((p) >= &(s)->cirrus_bltbuf[0] && \
27	+ (p) < &(s)->cirrus_bltbuf[CIRRUS_BLTBUFSIZE]) \
28	+ (b) = &(s)->cirrus_bltbuf[0]; \
29	+ else \
30	+ return; \
31	+} while(0)
32	+
33	+#define m(x) ((x) & s->cirrus_addr_mask)
34	+
35	static void
36	glue(cirrus_bitblt_rop_fwd_, ROP_NAME)(CirrusVGAState *s,
37	- uint8_t dst,const uint8_t src,
38	+ uint8_t dst_,const uint8_t src_,
39	int dstpitch,int srcpitch,
40	int bltwidth,int bltheight)
41	{
42	int x,y;
43	+ uint32_t dst, src;
44	+ uint8_t dst_base, src_base;
45	+ get_base(dst_, s, dst_base);
46	+ get_base(src_, s, src_base);
47	+ dst = dst_ - dst_base;
48	+ src = src_ - src_base;
49	dstpitch -= bltwidth;
50	srcpitch -= bltwidth;
51	for (y = 0; y < bltheight; y++) {
52	for (x = 0; x < bltwidth; x++) {
53	- ROP_OP(dst, src);
54	+ ROP_OP((dst_base + m(dst)), (src_base + m(src)));
55	dst++;
56	src++;
57	}
58	@@ -44,16 +62,22 @@
59
60	static void
61	glue(cirrus_bitblt_rop_bkwd_, ROP_NAME)(CirrusVGAState *s,
62	- uint8_t dst,const uint8_t src,
63	+ uint8_t dst_,const uint8_t src_,
64	int dstpitch,int srcpitch,
65	int bltwidth,int bltheight)
66	{
67	int x,y;
68	+ uint32_t dst, src;
69	+ uint8_t dst_base, src_base;
70	+ get_base(dst_, s, dst_base);
71	+ get_base(src_, s, src_base);
72	+ dst = dst_ - dst_base;
73	+ src = src_ - src_base;
74	dstpitch += bltwidth;
75	srcpitch += bltwidth;
76	for (y = 0; y < bltheight; y++) {
77	for (x = 0; x < bltwidth; x++) {
78	- ROP_OP(dst, src);
79	+ ROP_OP((dst_base + m(dst)), (src_base + m(src)));
80	dst--;
81	src--;
82	}
83	@@ -76,3 +100,6 @@
84
85	#undef ROP_NAME
86	#undef ROP_OP
87	+
88	+#undef get_base
89	+#undef m
90	Index: ioemu/hw/cirrus_vga_rop2.h
91	===================================================================
92	--- ioemu.orig/hw/cirrus_vga_rop2.h 2007-05-02 10:30:05.000000000 +0100
93	+++ ioemu/hw/cirrus_vga_rop2.h 2007-05-03 14:58:42.000000000 +0100
94	@@ -23,36 +23,42 @@
95	*/
96
97	#if DEPTH == 8
98	-#define PUTPIXEL() ROP_OP(d[0], col)
99	+#define PUTPIXEL() ROP_OP((dst_base + m(d))[0], col)
100	#elif DEPTH == 16
101	-#define PUTPIXEL() ROP_OP(((uint16_t *)d)[0], col);
102	+#define PUTPIXEL() ROP_OP(((uint16_t *)(dst_base + m(d)))[0], col);
103	#elif DEPTH == 24
104	-#define PUTPIXEL() ROP_OP(d[0], col); \
105	- ROP_OP(d[1], (col >> 8)); \
106	- ROP_OP(d[2], (col >> 16))
107	+#define PUTPIXEL() ROP_OP((dst_base + m(d))[0], col); \
108	+ ROP_OP((dst_base + m(d))[1], (col >> 8)); \
109	+ ROP_OP((dst_base + m(d))[2], (col >> 16))
110	#elif DEPTH == 32
111	-#define PUTPIXEL() ROP_OP(((uint32_t *)d)[0], col)
112	+#define PUTPIXEL() ROP_OP(((uint32_t *)(dst_base + m(d)))[0], col)
113	#else
114	#error unsupported DEPTH
115	#endif
116
117	static void
118	glue(glue(glue(cirrus_patternfill_, ROP_NAME), _),DEPTH)
119	- (CirrusVGAState * s, uint8_t * dst,
120	- const uint8_t * src,
121	+ (CirrusVGAState * s, uint8_t * dst_,
122	+ const uint8_t * src_,
123	int dstpitch, int srcpitch,
124	int bltwidth, int bltheight)
125	{
126	- uint8_t *d;
127	+ uint8_t dst_base, src_base;
128	+ uint32_t src, dst;
129	+ uint32_t d;
130	int x, y, pattern_y, pattern_pitch, pattern_x;
131	unsigned int col;
132	- const uint8_t *src1;
133	+ uint32_t src1;
134	#if DEPTH == 24
135	int skipleft = s->gr[0x2f] & 0x1f;
136	#else
137	int skipleft = (s->gr[0x2f] & 0x07) * (DEPTH / 8);
138	#endif
139
140	+ get_base(dst_, s, dst_base);
141	+ get_base(src_, s, src_base);
142	+ dst = dst_ - dst_base;
143	+ src = src_ - src_base;
144	#if DEPTH == 8
145	pattern_pitch = 8;
146	#elif DEPTH == 16
147	@@ -67,19 +73,19 @@
148	src1 = src + pattern_y * pattern_pitch;
149	for (x = skipleft; x < bltwidth; x += (DEPTH / 8)) {
150	#if DEPTH == 8
151	- col = src1[pattern_x];
152	+ col = *(src_base + m(src1 + pattern_x));
153	pattern_x = (pattern_x + 1) & 7;
154	#elif DEPTH == 16
155	- col = ((uint16_t *)(src1 + pattern_x))[0];
156	+ col = (uint16_t )(src_base + m(src1 + pattern_x));
157	pattern_x = (pattern_x + 2) & 15;
158	#elif DEPTH == 24
159	{
160	- const uint8_t src2 = src1 + pattern_x 3;
161	+ const uint8_t src2 = src_base + m(src1 + pattern_x 3);
162	col = src2[0] \| (src2[1] << 8) \| (src2[2] << 16);
163	pattern_x = (pattern_x + 1) & 7;
164	}
165	#else
166	- col = ((uint32_t *)(src1 + pattern_x))[0];
167	+ col = (uint32_t )(src_base + m(src1 + pattern_x));
168	pattern_x = (pattern_x + 4) & 31;
169	#endif
170	PUTPIXEL();
171	@@ -93,12 +99,14 @@
172	/* NOTE: srcpitch is ignored */
173	static void
174	glue(glue(glue(cirrus_colorexpand_transp_, ROP_NAME), _),DEPTH)
175	- (CirrusVGAState * s, uint8_t * dst,
176	- const uint8_t * src,
177	+ (CirrusVGAState * s, uint8_t * dst_,
178	+ const uint8_t * src_,
179	int dstpitch, int srcpitch,
180	int bltwidth, int bltheight)
181	{
182	- uint8_t *d;
183	+ uint8_t dst_base, src_base;
184	+ uint32_t src, dst;
185	+ uint32_t d;
186	int x, y;
187	unsigned bits, bits_xor;
188	unsigned int col;
189	@@ -112,6 +120,10 @@
190	int dstskipleft = srcskipleft * (DEPTH / 8);
191	#endif
192
193	+ get_base(dst_, s, dst_base);
194	+ get_base(src_, s, src_base);
195	+ dst = dst_ - dst_base;
196	+ src = src_ - src_base;
197	if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) {
198	bits_xor = 0xff;
199	col = s->cirrus_blt_bgcol;
200	@@ -122,12 +134,12 @@
201
202	for(y = 0; y < bltheight; y++) {
203	bitmask = 0x80 >> srcskipleft;
204	- bits = *src++ ^ bits_xor;
205	+ bits = *(src_base + m(src++)) ^ bits_xor;
206	d = dst + dstskipleft;
207	for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) {
208	if ((bitmask & 0xff) == 0) {
209	bitmask = 0x80;
210	- bits = *src++ ^ bits_xor;
211	+ bits = *(src_base + m(src++)) ^ bits_xor;
212	}
213	index = (bits & bitmask);
214	if (index) {
215	@@ -142,13 +154,15 @@
216
217	static void
218	glue(glue(glue(cirrus_colorexpand_, ROP_NAME), _),DEPTH)
219	- (CirrusVGAState * s, uint8_t * dst,
220	- const uint8_t * src,
221	+ (CirrusVGAState * s, uint8_t * dst_,
222	+ const uint8_t * src_,
223	int dstpitch, int srcpitch,
224	int bltwidth, int bltheight)
225	{
226	+ uint8_t dst_base, src_base;
227	+ uint32_t src, dst;
228	uint32_t colors[2];
229	- uint8_t *d;
230	+ uint32_t d;
231	int x, y;
232	unsigned bits;
233	unsigned int col;
234	@@ -156,16 +170,20 @@
235	int srcskipleft = s->gr[0x2f] & 0x07;
236	int dstskipleft = srcskipleft * (DEPTH / 8);
237
238	+ get_base(dst_, s, dst_base);
239	+ get_base(src_, s, src_base);
240	+ dst = dst_ - dst_base;
241	+ src = src_ - src_base;
242	colors[0] = s->cirrus_blt_bgcol;
243	colors[1] = s->cirrus_blt_fgcol;
244	for(y = 0; y < bltheight; y++) {
245	bitmask = 0x80 >> srcskipleft;
246	- bits = *src++;
247	+ bits = *(src_base + m(src++));
248	d = dst + dstskipleft;
249	for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) {
250	if ((bitmask & 0xff) == 0) {
251	bitmask = 0x80;
252	- bits = *src++;
253	+ bits = *(src_base + m(src++));
254	}
255	col = colors[!!(bits & bitmask)];
256	PUTPIXEL();
257	@@ -178,12 +196,14 @@
258
259	static void
260	glue(glue(glue(cirrus_colorexpand_pattern_transp_, ROP_NAME), _),DEPTH)
261	- (CirrusVGAState * s, uint8_t * dst,
262	- const uint8_t * src,
263	+ (CirrusVGAState * s, uint8_t * dst_,
264	+ const uint8_t * src_,
265	int dstpitch, int srcpitch,
266	int bltwidth, int bltheight)
267	{
268	- uint8_t *d;
269	+ uint8_t dst_base, src_base;
270	+ uint32_t src, dst;
271	+ uint32_t d;
272	int x, y, bitpos, pattern_y;
273	unsigned int bits, bits_xor;
274	unsigned int col;
275	@@ -195,6 +215,10 @@
276	int dstskipleft = srcskipleft * (DEPTH / 8);
277	#endif
278
279	+ get_base(dst_, s, dst_base);
280	+ get_base(src_, s, src_base);
281	+ dst = dst_ - dst_base;
282	+ src = src_ - src_base;
283	if (s->cirrus_blt_modeext & CIRRUS_BLTMODEEXT_COLOREXPINV) {
284	bits_xor = 0xff;
285	col = s->cirrus_blt_bgcol;
286	@@ -205,7 +229,7 @@
287	pattern_y = s->cirrus_blt_srcaddr & 7;
288
289	for(y = 0; y < bltheight; y++) {
290	- bits = src[pattern_y] ^ bits_xor;
291	+ bits = *(src_base + m(src + pattern_y)) ^ bits_xor;
292	bitpos = 7 - srcskipleft;
293	d = dst + dstskipleft;
294	for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) {
295	@@ -222,25 +246,31 @@
296
297	static void
298	glue(glue(glue(cirrus_colorexpand_pattern_, ROP_NAME), _),DEPTH)
299	- (CirrusVGAState * s, uint8_t * dst,
300	- const uint8_t * src,
301	+ (CirrusVGAState * s, uint8_t * dst_,
302	+ const uint8_t * src_,
303	int dstpitch, int srcpitch,
304	int bltwidth, int bltheight)
305	{
306	+ uint8_t dst_base, src_base;
307	+ uint32_t src, dst;
308	uint32_t colors[2];
309	- uint8_t *d;
310	+ uint32_t d;
311	int x, y, bitpos, pattern_y;
312	unsigned int bits;
313	unsigned int col;
314	int srcskipleft = s->gr[0x2f] & 0x07;
315	int dstskipleft = srcskipleft * (DEPTH / 8);
316
317	+ get_base(dst_, s, dst_base);
318	+ get_base(src_, s, src_base);
319	+ dst = dst_ - dst_base;
320	+ src = src_ - src_base;
321	colors[0] = s->cirrus_blt_bgcol;
322	colors[1] = s->cirrus_blt_fgcol;
323	pattern_y = s->cirrus_blt_srcaddr & 7;
324
325	for(y = 0; y < bltheight; y++) {
326	- bits = src[pattern_y];
327	+ bits = *(src_base + m(src + pattern_y));
328	bitpos = 7 - srcskipleft;
329	d = dst + dstskipleft;
330	for (x = dstskipleft; x < bltwidth; x += (DEPTH / 8)) {
331	@@ -257,13 +287,17 @@
332	static void
333	glue(glue(glue(cirrus_fill_, ROP_NAME), _),DEPTH)
334	(CirrusVGAState *s,
335	- uint8_t *dst, int dst_pitch,
336	+ uint8_t *dst_, int dst_pitch,
337	int width, int height)
338	{
339	- uint8_t d, d1;
340	+ uint8_t *dst_base;
341	+ uint32_t dst;
342	+ uint32_t d, d1;
343	uint32_t col;
344	int x, y;
345
346	+ get_base(dst_, s, dst_base);
347	+ dst = dst_ - dst_base;
348	col = s->cirrus_blt_fgcol;
349
350	d1 = dst;

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format