winedos / Add sanity check for VGA window offset

Jukka Heinonen <jhei@iki.fi> · Sun, 24 Aug 2003 16:04:06 +0300

Changelog:
  Replace some magic numbers with symbols.
  Add sanity checks so that VGA window cannot
  be used to access memory outside framebuffer.




Index: dlls/winedos/vga.c
===================================================================
RCS file: /home/wine/wine/dlls/winedos/vga.c,v
retrieving revision 1.38
diff -u -r1.38 vga.c

--- dlls/winedos/vga.c	12 Aug 2003 23:50:55 -0000	1.38
+++ dlls/winedos/vga.c	24 Aug 2003 12:55:18 -0000
@@ -43,6 +43,16 @@
 static BOOL vga_retrace_horizontal;
 
 /*
+ * Size and location of VGA controller window to framebuffer.
+ *
+ * Note: We support only single window even though some
+ *       controllers support two. This should not be changed unless
+ *       there are programs that depend on having two windows.
+ */
+#define VGA_WINDOW_SIZE  (64 * 1024)
+#define VGA_WINDOW_START ((char *)0xa0000)
+
+/*
  * VGA controller memory is emulated using linear framebuffer.
  * This frambuffer also acts as an interface
  * between VGA controller emulation and DirectDraw.
@@ -593,15 +603,17 @@
 
     if(vga_fb_window == -1)
         FIXME("Remove VGA memory emulation.\n");
-    else
-        memmove(vga_fb_data + vga_fb_window, (char *)0xa0000, 64 * 1024);
+    else if(vga_fb_window + VGA_WINDOW_SIZE < vga_fb_size)
+        memmove(vga_fb_data + vga_fb_window, VGA_WINDOW_START,
+                VGA_WINDOW_SIZE);
 
     vga_fb_window = start;
 
     if(vga_fb_window == -1)
         FIXME("Install VGA memory emulation.\n");
-    else
-        memmove( (char *)0xa0000, vga_fb_data + vga_fb_window, 64 * 1024);
+    else if(vga_fb_window + VGA_WINDOW_SIZE < vga_fb_size)
+        memmove( VGA_WINDOW_START, vga_fb_data + vga_fb_window, 
+                 VGA_WINDOW_SIZE);
 
     LeaveCriticalSection(&vga_lock);
 }
@@ -913,8 +925,9 @@
   /*
    * Synchronize framebuffer contents.
    */
-  if(vga_fb_window != -1)
-    memmove(vga_fb_data + vga_fb_window, (char *)0xa0000, 64 * 1024);
+  if(vga_fb_window != -1 && vga_fb_window + VGA_WINDOW_SIZE < vga_fb_size)
+    memmove(vga_fb_data + vga_fb_window, VGA_WINDOW_START,
+            VGA_WINDOW_SIZE);
 
   /*
    * Double VGA framebuffer (320x200 -> 640x400), if needed.



-- 
Jukka Heinonen <http://www.iki.fi/jhei/>





