On Mon, 11 Mar 2019 at 08:54, Gerd Hoffmann <kra...@redhat.com> wrote:
>
> From: BALATON Zoltan <bala...@eik.bme.hu>
>
> At least two machines, the PPC mac99 and MIPS fulong2e, have an ATI
> gfx chip by default (Rage 128 Pro and M6/RV100 respectively) and
> guests running on these and the PMON2000 firmware of the fulong2e
> expect this to be available. Fortunately these are very similar chips
> so they can be mostly emulated in the same device model. This patch
> adds basic emulation of these ATI VGA chips.
>
> While this is incomplete and currently only enough to run the MIPS
> firmware and get framebuffer output with Linux, it allows the fulong2e
> board to work more like the real hardware and having it in QEMU in
> this state provides a way to experiment with it and allows others to
> contribute to improve it. It is compiled for all archs but only the
> fulong2e (which currently has no display output at all) is set to use
> it by default (in a separate patch).

Hi; Coverity points out (CID 1399700) an infinite loop here: > +static void ati_mm_write(void *opaque, hwaddr addr, > + uint64_t data, unsigned int size) > +{ > + ATIVGAState *s = opaque; > + > + if (addr < CUR_OFFSET || addr > CUR_CLR1 || ATI_DEBUG_HW_CURSOR) { > + trace_ati_mm_write(size, addr, ati_reg_name(addr & ~3ULL), data); > + } > + switch (addr) { > + case MM_INDEX: > + s->regs.mm_index = data; > + break; > + case MM_DATA ... MM_DATA + 3: > + /* indexed access to regs or memory */ > + if (s->regs.mm_index & BIT(31)) { > + if (s->regs.mm_index <= s->vga.vram_size - size) { > + int i = 0; > + while (i < size) { > + s->vga.vram_ptr[s->regs.mm_index + i] = data & 0xff; > + data >>= 8; > + } This while loop doesn't change either 'i' or 'size' in the loop body, so it will loop forever. Presumably we should be updating i ? thanks -- PMM
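
Review bot: the `while (i < size)` loop in the `MM_DATA ... MM_DATA + 3` case of ati_mm_write() never advances `i`, so once the branch is entered a single guest MMIO write keeps the handler spinning and rewrites the same VRAM byte indefinitely. A bounded form such as `for (i = 0; i < size; i++)` around the store and the `data >>= 8` shift fixes the termination problem and makes the byte count explicit. While touching this block, also check the index itself: the branch is taken only when `s->regs.mm_index & BIT(31)` is set, yet the bounds check `s->regs.mm_index <= s->vga.vram_size - size` and the store to `s->vga.vram_ptr[s->regs.mm_index + i]` both use mm_index with that flag bit still in place. If bit 31 is a selector rather than part of the offset, it should be masked off into a local index before the comparison and the store, and the subtraction `s->vga.vram_size - size` deserves a comment or guard stating that vram_size is always at least `size`.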