VirtualBox

Changeset 71622 in vbox for trunk


Ignore:
Timestamp:
Apr 2, 2018 5:33:45 PM (7 years ago)
Author:
vboxsync
Message:

DevVGA: Code cleanup in progress. bugref:9094

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Devices/Graphics/DevVGA_VBVA.cpp

    r71620 r71622  
    721721                                 const VBVAMOUSEPOINTERSHAPE RT_UNTRUSTED_VOLATILE_GUEST *pShape, HGSMISIZE cbShape)
    722722{
    723     VBVAMOUSEPOINTERSHAPE parms;
    724     memcpy(&parms, (void *)pShape, sizeof(parms));
    725     ASMCompilerBarrier();
     723    /*
     724     * Make non-volatile copy of the shape header and validate it.
     725     */
     726    VBVAMOUSEPOINTERSHAPE SafeShape;
     727    RT_COPY_VOLATILE(SafeShape, *pShape);
     728    RT_UNTRUSTED_NONVOLATILE_COPY_FENCE();
    726729
    727730    LogFlowFunc(("VBVA_MOUSE_POINTER_SHAPE: i32Result 0x%x, fu32Flags 0x%x, hot spot %d,%d, size %dx%d\n",
    728                  parms.i32Result,
    729                  parms.fu32Flags,
    730                  parms.u32HotX,
    731                  parms.u32HotY,
    732                  parms.u32Width,
    733                  parms.u32Height));
    734 
    735     const bool fVisible = RT_BOOL(parms.fu32Flags & VBOX_MOUSE_POINTER_VISIBLE);
    736     const bool fAlpha =   RT_BOOL(parms.fu32Flags & VBOX_MOUSE_POINTER_ALPHA);
    737     const bool fShape =   RT_BOOL(parms.fu32Flags & VBOX_MOUSE_POINTER_SHAPE);
     731                 SafeShape.i32Result, SafeShape.fu32Flags, SafeShape.u32HotX, SafeShape.u32HotY, SafeShape.u32Width, SafeShape.u32Height));
     732
     733    const bool fVisible = RT_BOOL(SafeShape.fu32Flags & VBOX_MOUSE_POINTER_VISIBLE);
     734    const bool fAlpha =   RT_BOOL(SafeShape.fu32Flags & VBOX_MOUSE_POINTER_ALPHA);
     735    const bool fShape =   RT_BOOL(SafeShape.fu32Flags & VBOX_MOUSE_POINTER_SHAPE);
    738736
    739737    HGSMISIZE cbPointerData = 0;
    740 
    741738    if (fShape)
    742739    {
    743          if (parms.u32Width > 8192 || parms.u32Height > 8192)
    744          {
    745              Log(("vbvaMousePointerShape: unsupported size %ux%u\n", parms.u32Width, parms.u32Height));
    746              return VERR_INVALID_PARAMETER;
    747          }
    748 
    749          cbPointerData = ((((parms.u32Width + 7) / 8) * parms.u32Height + 3) & ~3)
    750                          + parms.u32Width * 4 * parms.u32Height;
    751     }
    752 
    753     if (cbPointerData > cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data))
    754     {
    755         Log(("vbvaMousePointerShape: calculated pointer data size is too big (%d bytes, limit %d)\n",
    756              cbPointerData, cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data)));
    757         return VERR_INVALID_PARAMETER;
    758     }
    759 
     740        static const uint32_t s_cxMax = 2048; //used to be: 8192;
     741        static const uint32_t s_cyMax = 2048; //used to be: 8192;
     742        ASSERT_GUEST_MSG_RETURN(   SafeShape.u32Width  <= s_cxMax
     743                                || SafeShape.u32Height <= s_cyMax,
     744                                ("Too large: %ux%u, max %ux%x\n", SafeShape.u32Width, SafeShape.u32Height, s_cxMax, s_cyMax),
     745                                VERR_INVALID_PARAMETER);
     746
     747         cbPointerData = ((((SafeShape.u32Width + 7) / 8) * SafeShape.u32Height + 3) & ~3)
     748                       + SafeShape.u32Width * 4 * SafeShape.u32Height;
     749
     750         ASSERT_GUEST_MSG_RETURN(cbPointerData <= cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data),
     751                                 ("Insufficent pointer data: Expected %#x, got %#x\n",
     752                                  cbPointerData, cbShape - RT_UOFFSETOF(VBVAMOUSEPOINTERSHAPE, au8Data) ),
     753                                 VERR_INVALID_PARAMETER);
     754    }
     755    RT_UNTRUSTED_VALIDATED_FENCE();
     756
     757    /*
     758     * Do the job.
     759     */
    760760    /* Save mouse info it will be used to restore mouse pointer after restoring saved state. */
    761761    pCtx->mouseShapeInfo.fSet = true;
     
    764764    {
    765765        /* Data related to shape. */
    766         pCtx->mouseShapeInfo.u32HotX = parms.u32HotX;
    767         pCtx->mouseShapeInfo.u32HotY = parms.u32HotY;
    768         pCtx->mouseShapeInfo.u32Width = parms.u32Width;
    769         pCtx->mouseShapeInfo.u32Height = parms.u32Height;
     766        pCtx->mouseShapeInfo.u32HotX = SafeShape.u32HotX;
     767        pCtx->mouseShapeInfo.u32HotY = SafeShape.u32HotY;
     768        pCtx->mouseShapeInfo.u32Width = SafeShape.u32Width;
     769        pCtx->mouseShapeInfo.u32Height = SafeShape.u32Height;
    770770        pCtx->mouseShapeInfo.fAlpha = fAlpha;
    771771
     
    788788        if (pCtx->mouseShapeInfo.pu8Shape)
    789789        {
    790             memcpy(pCtx->mouseShapeInfo.pu8Shape, (void *)&pShape->au8Data[0], cbPointerData);
     790            RT_BCOPY_VOLATILE(pCtx->mouseShapeInfo.pu8Shape, &pShape->au8Data[0], cbPointerData);
    791791            pCtx->mouseShapeInfo.cbShape = cbPointerData;
    792792        }
    793793    }
    794794
    795     int rc = vbvaUpdateMousePointerShape(pVGAState, &pCtx->mouseShapeInfo, fShape);
    796 
    797     return rc;
     795    return vbvaUpdateMousePointerShape(pVGAState, &pCtx->mouseShapeInfo, fShape);
    798796}
    799797
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette