From dac776fdbf62cb279966fc06c22e652fc4365343 Mon Sep 17 00:00:00 2001 From: Bruce Evans Date: Mon, 25 Mar 2019 11:48:40 +0000 Subject: [PATCH] Fix another type of buffer overrun for segmented modes. The buffer index was not taken modulo the window size in VGLClear(). Segmented modes also need a kernel fix to almost work. The ioctl to set the window origin is broken. These bugs are rarely problems since non-VESA modes only need segmentation to support multiple pages but libvgl doesn't support multiple pages and treats these modes as non-segmented, and VESA modes are usually mapped linearly except on old hardware so they really are non-segmented. --- lib/libvgl/simple.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/libvgl/simple.c b/lib/libvgl/simple.c index 0605bbadd2ba..070dad590edf 100644 --- a/lib/libvgl/simple.c +++ b/lib/libvgl/simple.c @@ -535,7 +535,8 @@ VGLClear(VGLBitmap *object, u_long color) VGLSetSegment(offset); len = min(total - offset, VGLAdpInfo.va_window_size); for (i = 0; i < len; i += object->PixelBytes) - bcopy(b, object->Bitmap + offset + i, object->PixelBytes); + bcopy(object->Bitmap + (offset + i) % VGLAdpInfo.va_window_size, b, + object->PixelBytes); offset += len; } break;
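Review bot: the replacement bcopy() call in the VGLClear() hunk swaps the source and destination arguments as well as adding the modulo. bcopy() takes (src, dst, len). The removed line copied from b into object->Bitmap, but the added line copies from object->Bitmap into b, so the loop now reads from the window into the color buffer instead of writing the clear color to the bitmap. The commit message describes only the missing modulo on the buffer index, so the swap looks unintended. Suggested form: `bcopy(b, object->Bitmap + (offset + i) % VGLAdpInfo.va_window_size, object->PixelBytes);`. This keeps the original copy direction and still bounds the index by va_window_size.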