summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGonglei <arei.gonglei@huawei.com>2014-05-12 15:10:38 +0800
committerGerd Hoffmann <kraxel@redhat.com>2014-07-11 10:17:01 +0200
commitf61d82c2dfe02a60642a76e8f0034a0244eef2bf (patch)
tree6f051dddfb508a3c07e827a6306e1458d658e14b
parent9e99c5fd7060267a0331d900e73fdb36047bfe0c (diff)
downloadqemu-f61d82c2dfe02a60642a76e8f0034a0244eef2bf.zip
cirrus_vga: adding sanity check for vram size
when configure a invalid vram size for cirrus card, such as less 2 MB, which will crash qemu. Follow the real hardware, the cirrus card has 4 MB video memory. Also for backward compatibility, accept 8 MB and 16 MB vram size. Signed-off-by: Gonglei <arei.gonglei@huawei.com> Reviewed-by: Andreas Färber <afaerber@suse.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r--hw/display/cirrus_vga.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c
index 6fbe39d5d4..52d039e9bc 100644
--- a/hw/display/cirrus_vga.c
+++ b/hw/display/cirrus_vga.c
@@ -2911,6 +2911,14 @@ static void isa_cirrus_vga_realizefn(DeviceState *dev, Error **errp)
ISACirrusVGAState *d = ISA_CIRRUS_VGA(dev);
VGACommonState *s = &d->cirrus_vga.vga;
+ /* follow real hardware, cirrus card emulated has 4 MB video memory.
+ Also accept 8 MB/16 MB for backward compatibility. */
+ if (s->vram_size_mb != 4 && s->vram_size_mb != 8 &&
+ s->vram_size_mb != 16) {
+ error_setg(errp, "Invalid cirrus_vga ram size '%u'",
+ s->vram_size_mb);
+ return;
+ }
vga_common_init(s, OBJECT(dev), true);
cirrus_init_common(&d->cirrus_vga, OBJECT(dev), CIRRUS_ID_CLGD5430, 0,
isa_address_space(isadev),
@@ -2957,6 +2965,14 @@ static int pci_cirrus_vga_initfn(PCIDevice *dev)
PCIDeviceClass *pc = PCI_DEVICE_GET_CLASS(dev);
int16_t device_id = pc->device_id;
+ /* follow real hardware, cirrus card emulated has 4 MB video memory.
+ Also accept 8 MB/16 MB for backward compatibility. */
+ if (s->vga.vram_size_mb != 4 && s->vga.vram_size_mb != 8 &&
+ s->vga.vram_size_mb != 16) {
+ error_report("Invalid cirrus_vga ram size '%u'",
+ s->vga.vram_size_mb);
+ return -1;
+ }
/* setup VGA */
vga_common_init(&s->vga, OBJECT(dev), true);
cirrus_init_common(s, OBJECT(dev), device_id, 1, pci_address_space(dev),