From: Erik van der Kouwe
Date: Fri, 19 Nov 2010 17:40:08 +0000 (-0600)
Subject: It seems FreeBSD sets the cursor to an out-of-screen location while booting. This...
X-Git-Url: http://v3vee.org/palacios/gitweb/gitweb.cgi?a=commitdiff_plain;h=11d720fc1423409ceb24e0b970ae6f7199912152;p=palacios.git
It seems FreeBSD sets the cursor to an out-of-screen location while booting. This patch adds checks to prevent that from being a problem. It also adds asserts in cga.c to make related buffer overflows easier to debug in the future
---
diff --git a/palacios/src/devices/cga.c b/palacios/src/devices/cga.c
index 119709f..0e36c9c 100644
--- a/palacios/src/devices/cga.c
+++ b/palacios/src/devices/cga.c
@@ -300,6 +300,10 @@ int v3_cons_get_fb(struct vm_device * frontend_dev, uint8_t * dst, uint_t offset
 PrintDebug("Getting framebuffer for screen; framebuf=%p, screen_offset=%d, offset=%d, length=%d\n", state->framebuf, screen_byte_offset, offset, length);
+ V3_ASSERT(screen_byte_offset <= FRAMEBUF_SIZE - SCREEN_SIZE);
+ V3_ASSERT(offset < SCREEN_SIZE);
+ V3_ASSERT(length <= SCREEN_SIZE);
+ V3_ASSERT(offset + length <= SCREEN_SIZE);
 memcpy(dst, state->framebuf + screen_byte_offset + offset, length);
 return 0;
diff --git a/palacios/src/devices/curses_cons.c b/palacios/src/devices/curses_cons.c
index 90f695d..9359ecc 100644
--- a/palacios/src/devices/curses_cons.c
+++ b/palacios/src/devices/curses_cons.c
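Review bot: The four V3_ASSERT calls added ahead of the memcpy in v3_cons_get_fb only assert the bounds; if V3_ASSERT is compiled out in non-debug builds (its definition is not visible from this hunk), the copy still runs with whatever offset and length the caller supplied, so the protection would depend on build configuration. A plain runtime rejection keeps it in every build: `if (offset >= SCREEN_SIZE || length > SCREEN_SIZE - offset) { return -1; }` before the memcpy (using whatever error value this file returns elsewhere), with the asserts kept as the debugging aid the commit message intends. Writing the check as `length > SCREEN_SIZE - offset` also sidesteps any wrap of `offset + length` should both uint_t values be large. The body of v3_cons_get_fb starts outside the hunk, so where screen_byte_offset is derived is not visible here; the same treatment applies to that term.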
@@ -51,9 +51,14 @@ static int cursor_update(uint_t x, uint_t y, void *private_data) {
 struct vm_device *dev = (struct vm_device *) private_data;
 struct cons_state *state = (struct cons_state *) dev->private_data;
- uint_t offset = (x * BYTES_PER_COL) + (y * BYTES_PER_ROW);
+ uint_t offset;
 uint_t last_x, last_y;
+ /* avoid out-of-range coordinates */
+ if (x >= NUM_COLS) x = NUM_COLS - 1;
+ if (y >= NUM_ROWS) y = NUM_ROWS - 1;
+ offset = (x * BYTES_PER_COL) + (y * BYTES_PER_ROW);
+ /* unfortunately Palacios sometimes misses some writes, * but if they are accompanied by a cursor move we may be able to * detect this