aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFranck Bui-Huu <fbuihuu@gmail.com>2006-12-08 05:40:48 -0500
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-08 11:29:07 -0500
commit024cd7e08896884cfd58c78cd1f2103be12e3c09 (patch)
tree889a534d0bdd5d20499450cda47dd504dfa7d967
parent3d5eeaddad9338f39d25ee0c6c2ab1eda1ed2ef6 (diff)
[PATCH] softcursor.c: avoid unaligned accesses
Fix some possible unaligned accesses when accessing fields of 'image' pointer. Indeed this pointer was obtained by allocating a block of memory that embeds a temporary array plus an image structure. The temporary buffer was located at the start of the allocated block and depending on its size, the image structure which comes right after can be unaligned. For example when using mini fonts (4x6) (cursor's width is 4 and its height is 6) the temporary buf size is 6 bytes. Therefore this patch moves the image structure to the start of the block and moves the temporary buffer right after. It makes 'image' pointer always aligned and since the tempo buf is a buffer of char, it's always correctly aligned as well. It also fixes the file header alignement. Signed-off-by: Franck Bui-Huu <fbuihuu@gmail.com> Cc: James Simmons <jsimmons@infradead.org> Cc: "Antonino A. Daplas" <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--drivers/video/console/softcursor.c26
1 files changed, 13 insertions, 13 deletions
diff --git a/drivers/video/console/softcursor.c b/drivers/video/console/softcursor.c
index 7d07d8383569..f577bd80e020 100644
--- a/drivers/video/console/softcursor.c
+++ b/drivers/video/console/softcursor.c
@@ -1,11 +1,13 @@
1/* 1/*
2 * linux/drivers/video/softcursor.c -- Generic software cursor for frame buffer devices 2 * linux/drivers/video/softcursor.c
3 *
4 * Generic software cursor for frame buffer devices
3 * 5 *
4 * Created 14 Nov 2002 by James Simmons 6 * Created 14 Nov 2002 by James Simmons
5 * 7 *
6 * This file is subject to the terms and conditions of the GNU General Public 8 * This file is subject to the terms and conditions of the GNU General
7 * License. See the file COPYING in the main directory of this archive 9 * Public License. See the file COPYING in the main directory of this
8 * for more details. 10 * archive for more details.
9 */ 11 */
10 12
11#include <linux/module.h> 13#include <linux/module.h>
@@ -25,7 +27,7 @@ int soft_cursor(struct fb_info *info, struct fb_cursor *cursor)
25 unsigned int buf_align = info->pixmap.buf_align - 1; 27 unsigned int buf_align = info->pixmap.buf_align - 1;
26 unsigned int i, size, dsize, s_pitch, d_pitch; 28 unsigned int i, size, dsize, s_pitch, d_pitch;
27 struct fb_image *image; 29 struct fb_image *image;
28 u8 *dst; 30 u8 *src, *dst;
29 31
30 if (info->state != FBINFO_STATE_RUNNING) 32 if (info->state != FBINFO_STATE_RUNNING)
31 return 0; 33 return 0;
@@ -45,7 +47,8 @@ int soft_cursor(struct fb_info *info, struct fb_cursor *cursor)
45 } 47 }
46 } 48 }
47 49
48 image = (struct fb_image *) (ops->cursor_src + dsize); 50 src = ops->cursor_src + sizeof(struct fb_image);
51 image = (struct fb_image *)ops->cursor_src;
49 *image = cursor->image; 52 *image = cursor->image;
50 d_pitch = (s_pitch + scan_align) & ~scan_align; 53 d_pitch = (s_pitch + scan_align) & ~scan_align;
51 54
@@ -57,21 +60,18 @@ int soft_cursor(struct fb_info *info, struct fb_cursor *cursor)
57 switch (cursor->rop) { 60 switch (cursor->rop) {
58 case ROP_XOR: 61 case ROP_XOR:
59 for (i = 0; i < dsize; i++) 62 for (i = 0; i < dsize; i++)
60 ops->cursor_src[i] = image->data[i] ^ 63 src[i] = image->data[i] ^ cursor->mask[i];
61 cursor->mask[i];
62 break; 64 break;
63 case ROP_COPY: 65 case ROP_COPY:
64 default: 66 default:
65 for (i = 0; i < dsize; i++) 67 for (i = 0; i < dsize; i++)
66 ops->cursor_src[i] = image->data[i] & 68 src[i] = image->data[i] & cursor->mask[i];
67 cursor->mask[i];
68 break; 69 break;
69 } 70 }
70 } else 71 } else
71 memcpy(ops->cursor_src, image->data, dsize); 72 memcpy(src, image->data, dsize);
72 73
73 fb_pad_aligned_buffer(dst, d_pitch, ops->cursor_src, s_pitch, 74 fb_pad_aligned_buffer(dst, d_pitch, src, s_pitch, image->height);
74 image->height);
75 image->data = dst; 75 image->data = dst;
76 info->fbops->fb_imageblit(info, image); 76 info->fbops->fb_imageblit(info, image);
77 return 0; 77 return 0;