fixed potentially reading out of bounds when doing banked blit to framebuffer
author
John Tsiombikas
<nuclear@member.fsf.org>
Sat, 22 May 2021 01:22:25 +0000
(
04:22
+0300)
committer
John Tsiombikas
<nuclear@member.fsf.org>
Sat, 22 May 2021 01:22:25 +0000
(
04:22
+0300)
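--- a/src/dos/gfx.c
+++ b/src/dos/gfx.c
@@ -247,7 +247,7 @@ void *set_video_mode(int idx, int nbuf)
 vm->win_64k_step = 1 << vm->win_gran_shift;
 }
-printf(" granularity: %dk (step: %d)\n", vm->win_gran, vm->win_64k_step);
+printf("granularity: %dk (step: %d)\n", vm->win_gran, vm->win_64k_step);
 }
 /* allocate main memory framebuffer */
@@ -298,8 +298,7 @@ static void blit_frame_lfb(void *pixels, int vsync)
 static void blit_frame_banked(void *pixels, int vsync)
 {
-int offs;
-unsigned int pending;
+int sz, offs, pending;
 unsigned char *pptr = pixels;
 if(vsync) wait_vsync();
@@ -308,10 +307,11 @@ static void blit_frame_banked(void *pixels, int vsync)
 offs = 0;
 pending = pgsize;
 while(pending > 0) {
-//memcpy64((void*)0xa0000, pptr, 16384);
-memcpy((void*)0xa0000, pptr, 65536);
-pptr += 65536;
-pending -= 65536;
+sz = pending > 65536 ? 65536 : pending;
+//memcpy64((void*)0xa0000, pptr, sz >> 3);
+memcpy((void*)0xa0000, pptr, sz);
+pptr += sz;
+pending -= sz;
 offs += curmode->win_64k_step;
 vbe_setwin(0, offs);
 }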
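Review bot: In the last hunk the loop still advances `offs` and calls `vbe_setwin(0, offs)` after the final (possibly partial) chunk, so it selects a bank that is never written; guarding the tail with `if(pending > 0) { offs += curmode->win_64k_step; vbe_setwin(0, offs); }` would avoid that, though how the BIOS call treats a position past the page is not visible here. The new clamp keeps each read within `pgsize`, but `pgsize` is declared outside the hunk, so a comment above the loop such as `/* pixels must hold at least pgsize bytes; each copy is clamped to the 64k window */` would record the invariant the fix relies on. The commented-out `memcpy64(..., sz >> 3)` would, if the count is in 8-byte units as the shift suggests, drop up to 7 tail bytes when `sz` is not a multiple of 8, which deserves a note next to it before anyone re-enables it. The body of blit_frame_banked continues before and after the visible hunks.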