When calculating the size of the buffer required for the VGA/VBE state, round up rather than truncating when dividing the number of bytes to get the number of 64-byte blocks. Without this modification, the save state function will write past the end of a buffer of the size requested.
Signed-off-by: Daniel Verkamp daniel@drv.nu ---
V2: apply the fix to VGA function 101c as well
vgasrc/vbe.c | 2 +- vgasrc/vgabios.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/vgasrc/vbe.c b/vgasrc/vbe.c index 66afb011..1a0948cf 100644 --- a/vgasrc/vbe.c +++ b/vgasrc/vbe.c @@ -242,7 +242,7 @@ vbe_104f04(struct bregs *regs) if (ret < 0) goto fail; if (cmd == 0) - regs->bx = ret / 64; + regs->bx = DIV_ROUND_UP(ret, 64); regs->ax = 0x004f; return; fail: diff --git a/vgasrc/vgabios.c b/vgasrc/vgabios.c index 198ee555..73ba1c3d 100644 --- a/vgasrc/vgabios.c +++ b/vgasrc/vgabios.c @@ -1081,7 +1081,7 @@ handle_101c(struct bregs *regs) if (ret < 0) goto fail; if (cmd == 0) - regs->bx = ret / 64; + regs->bx = DIV_ROUND_UP(ret, 64); regs->al = 0x1c; fail: return;
On Mon, Mar 11, 2024 at 5:57 PM Daniel Verkamp daniel@drv.nu wrote:
When calculating the size of the buffer required for the VGA/VBE state, round up rather than truncating when dividing the number of bytes to get the number of 64-byte blocks. Without this modification, the save state function will write past the end of a buffer of the size requested.
Signed-off-by: Daniel Verkamp daniel@drv.nu
Sorry, I forgot to include Reviewed-by: Philippe Mathieu-Daudé philmd@linaro.org from the previous version.
On Mon, Mar 11, 2024 at 06:09:58PM -0700, Daniel Verkamp wrote:
On Mon, Mar 11, 2024 at 5:57 PM Daniel Verkamp daniel@drv.nu wrote:
When calculating the size of the buffer required for the VGA/VBE state, round up rather than truncating when dividing the number of bytes to get the number of 64-byte blocks. Without this modification, the save state function will write past the end of a buffer of the size requested.
Signed-off-by: Daniel Verkamp daniel@drv.nu
Thanks, I committed this change.
Sorry, I forgot to include Reviewed-by: Philippe Mathieu-Daudé philmd@linaro.org from the previous version.
Ah - I missed this as well. Sorry about that.
-Kevin
On 12/3/24 15:30, Kevin O'Connor wrote:
On Mon, Mar 11, 2024 at 06:09:58PM -0700, Daniel Verkamp wrote:
On Mon, Mar 11, 2024 at 5:57 PM Daniel Verkamp daniel@drv.nu wrote:
When calculating the size of the buffer required for the VGA/VBE state, round up rather than truncating when dividing the number of bytes to get the number of 64-byte blocks. Without this modification, the save state function will write past the end of a buffer of the size requested.
Signed-off-by: Daniel Verkamp daniel@drv.nu
Thanks, I committed this change.
Sorry, I forgot to include Reviewed-by: Philippe Mathieu-Daudé philmd@linaro.org from the previous version.
Ah - I missed this as well. Sorry about that.
Not a big deal ;)
-
Daniel Verkamp -
Kevin O'Connor -
Philippe Mathieu-Daudé