Author: bde
Date: Mon Mar 25 11:48:40 2019
New Revision: 345496
URL: https://svnweb.freebsd.org/changeset/base/345496
Log:
Fix another type of buffer overrun for segmented modes. The buffer index
was not taken modulo the window size in VGLClear().
Segmented modes also need a kernel fix to almost work. The ioctl to set
the window origin is broken.
These bugs are rarely problems since non-VESA modes only need
segmentation to support multiple pages but libvgl doesn't support
multiple pages and treats these modes as non-segmented, and VESA modes
are usually mapped linearly except on old hardware so they really are
non-segmented.
Modified:
head/lib/libvgl/simple.c
Modified: head/lib/libvgl/simple.c
==============================================================================
--- head/lib/libvgl/simple.c Mon Mar 25 11:39:49 2019 (r345495)
+++ head/lib/libvgl/simple.c Mon Mar 25 11:48:40 2019 (r345496)
@@ -535,7 +535,8 @@ VGLClear(VGLBitmap *object, u_long color)
VGLSetSegment(offset);
len = min(total - offset, VGLAdpInfo.va_window_size);
for (i = 0; i < len; i += object->PixelBytes)
- bcopy(b, object->Bitmap + offset + i, object->PixelBytes);
+ bcopy(object->Bitmap + (offset + i) % VGLAdpInfo.va_window_size, b,
+ object->PixelBytes);
offset += len;
}
break;
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
