On Tue, Apr 21, 2020 at 10:25:49AM +0100, Peter Maydell wrote:
> On Tue, 21 Apr 2020 at 10:16, Gerd Hoffmann wrote:
> > cirrus stopped using pointers years ago, exactly for the reasons
> > outlined above. Conversion was pretty straight forward.
> >
> > commit 026aeffcb4752054830ba203020ed6eb05bca
On Tue, 21 Apr 2020 at 10:16, Gerd Hoffmann wrote:
> cirrus stopped using pointers years ago, exactly for the reasons
> outlined above. Conversion was pretty straight forward.
>
> commit 026aeffcb4752054830ba203020ed6eb05bcaba8
> Author: Gerd Hoffmann
> Date: Wed Mar 15 11:47:52 2017 +0100
>
>
> > > The SM501 datasheet is entirely unhelpful on this question, but
> > > my suggestion is that we should convert the code so that instead
> > > of operating directly on pointers into the middle of the local_mem
> > > buffer all the accesses to local_mem go via functions which mask
> > > off the
On Wed, 15 Apr 2020, BALATON Zoltan wrote:
On Wed, 15 Apr 2020, Peter Maydell wrote:
On Mon, 13 Apr 2020 at 23:01, Philippe Mathieu-Daudé
wrote:
Zhang Zi Ming reported a heap overflow in the Drawing Engine of
the SM501 companion chip model, in particular in the COPY_AREA()
macro in sm501_2d_o
On Wed, 15 Apr 2020, Peter Maydell wrote:
On Mon, 13 Apr 2020 at 23:01, Philippe Mathieu-Daudé wrote:
Zhang Zi Ming reported a heap overflow in the Drawing Engine of
the SM501 companion chip model, in particular in the COPY_AREA()
macro in sm501_2d_operation().
Add a simple check to avoid the
On Mon, 13 Apr 2020 at 23:01, Philippe Mathieu-Daudé wrote:
>
> Zhang Zi Ming reported a heap overflow in the Drawing Engine of
> the SM501 companion chip model, in particular in the COPY_AREA()
> macro in sm501_2d_operation().
>
> Add a simple check to avoid the heap overflow.
> diff --git a/hw/
Zhang Zi Ming reported a heap overflow in the Drawing Engine of
the SM501 companion chip model, in particular in the COPY_AREA()
macro in sm501_2d_operation().
Add a simple check to avoid the heap overflow.
This fixes:
=
==20518
