diff options
| author |   José Pekkarinen <jose.pekkarinen@nokia.com> | 2016-05-18 13:18:31 +0300 |
|---|---|---|
| committer | José Pekkarinen <jose.pekkarinen@nokia.com> | 2016-05-18 13:42:15 +0300 |
| commit | 437fd90c0250dee670290f9b714253671a990160 (patch) | |
| tree | b871786c360704244a07411c69fb58da9ead4a06 /qemu/hw/display/vmware_vga.c | |
| parent | 5bbd6fe9b8bab2a93e548c5a53b032d1939eec05 (diff) | |
These changes are the raw update to qemu-2.6.
Collission happened in the following patches:
migration: do cleanup operation after completion(738df5b9)
Bug fix.(1750c932f86)
kvmclock: add a new function to update env->tsc.(b52baab2)
The code provided by the patches was already in the upstreamed
version.
Change-Id: I3cc11841a6a76ae20887b2e245710199e1ea7f9a
Signed-off-by: José Pekkarinen <jose.pekkarinen@nokia.com>
Diffstat (limited to 'qemu/hw/display/vmware_vga.c')
| -rw-r--r-- | qemu/hw/display/vmware_vga.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/qemu/hw/display/vmware_vga.c b/qemu/hw/display/vmware_vga.c index 7f397d3c2..0c63fa851 100644 --- a/qemu/hw/display/vmware_vga.c +++ b/qemu/hw/display/vmware_vga.c @@ -21,6 +21,8 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ +#include "qemu/osdep.h" +#include "qapi/error.h" #include "hw/hw.h" #include "hw/loader.h" #include "trace.h" @@ -488,10 +490,10 @@ static inline int vmsvga_fill_rect(struct vmsvga_state_s *s, #endif struct vmsvga_cursor_definition_s { - int width; - int height; + uint32_t width; + uint32_t height; int id; - int bpp; + uint32_t bpp; int hot_x; int hot_y; uint32_t mask[1024]; @@ -658,7 +660,10 @@ static void vmsvga_fifo_run(struct vmsvga_state_s *s) cursor.bpp = vmsvga_fifo_read(s); args = SVGA_BITMAP_SIZE(x, y) + SVGA_PIXMAP_SIZE(x, y, cursor.bpp); - if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || + if (cursor.width > 256 || + cursor.height > 256 || + cursor.bpp > 32 || + SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd; } @@ -1244,7 +1249,7 @@ static void vmsvga_init(DeviceState *dev, struct vmsvga_state_s *s, s->fifo_size = SVGA_FIFO_SIZE; memory_region_init_ram(&s->fifo_ram, NULL, "vmsvga.fifo", s->fifo_size, - &error_abort); + &error_fatal); vmstate_register_ram_global(&s->fifo_ram); s->fifo_ptr = memory_region_get_ram_ptr(&s->fifo_ram); |