When calculating the size of the buffer required for the VGA/VBE state, round up rather than truncating when dividing the number of bytes to get the number of 64-byte blocks. Without this modification, the save state function will write past the end of a buffer of the size requested.
Signed-off-by: Daniel Verkamp daniel@drv.nu ---
V2: apply the fix to VGA function 101c as well
vgasrc/vbe.c | 2 +- vgasrc/vgabios.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vgasrc/vbe.c b/vgasrc/vbe.c index 66afb011..1a0948cf 100644 --- a/vgasrc/vbe.c +++ b/vgasrc/vbe.c @@ -242,7 +242,7 @@ vbe_104f04(struct bregs *regs) if (ret < 0) goto fail; if (cmd == 0) - regs->bx = ret / 64; + regs->bx = DIV_ROUND_UP(ret, 64); regs->ax = 0x004f; return; fail: diff --git a/vgasrc/vgabios.c b/vgasrc/vgabios.c index 198ee555..73ba1c3d 100644 --- a/vgasrc/vgabios.c +++ b/vgasrc/vgabios.c @@ -1081,7 +1081,7 @@ handle_101c(struct bregs *regs) if (ret < 0) goto fail; if (cmd == 0) - regs->bx = ret / 64; + regs->bx = DIV_ROUND_UP(ret, 64); regs->al = 0x1c; fail: return;