From 3b6d2b1962b23295c463f010ff88eb5a594f2ef9 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Tue, 2 Apr 2024 12:25:57 +0200 Subject: [PATCH] vga: adjust dirty memory region if pel panning is active MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When pel panning is active, one more byte is read from each of the VGA memory planes. This has to be accounted in the computation of region_end, otherwise vga_draw_graphic() fails an assertion: qemu-system-i386: ../system/physmem.c:946: cpu_physical_memory_snapshot_get_dirty: Assertion `start + length <= snap->end' failed. Reported-by: Helge Konetzka Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2244 Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Paolo Bonzini --- hw/display/vga.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hw/display/vga.c b/hw/display/vga.c index b4ceff70eb..40acd19e72 100644 --- a/hw/display/vga.c +++ b/hw/display/vga.c @@ -1571,11 +1571,15 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) break; } } + hpel = bits <= 8 ? s->params.hpel : 0; region_start = (s->params.start_addr * 4); region_end = region_start + (ram_addr_t)s->params.line_offset * height; region_end += width * depth / 8; /* scanline length */ region_end -= s->params.line_offset; + if (hpel) { + region_end += 4; + } if (region_end > s->vbe_size || depth == 0 || depth == 15) { /* * We land here on: @@ -1660,7 +1664,6 @@ static void vga_draw_graphic(VGACommonState *s, int full_update) width, height, v, line_offset, s->cr[9], s->cr[VGA_CRTC_MODE], s->params.line_compare, sr(s, VGA_SEQ_CLOCK_MODE)); #endif - hpel = bits <= 8 ? s->params.hpel : 0; addr1 = (s->params.start_addr * 4); bwidth = DIV_ROUND_UP(width * bits, 8); if (hpel) {