On Mon, Nov 28, 2016 at 11:52:08AM +0530, P J P wrote:
> | > --- a/hw/display/cirrus_vga.c
> | > +++ b/hw/display/cirrus_vga.c
> | > @@ -272,6 +272,9 @@ static void cirrus_update_memory_access(CirrusVGAState
> | > *s);
> | > static bool blit_region_is_unsafe(struct CirrusVGAState *s,
> | > int32_t pitch, int32_t addr)
> | > {
> | > + if (!pitch) {
> | > + return true;
> | > + }
> | >
> |
> | That doesn't look directly related to 'cirrus_get_bpp', care to explain?
>
> 'blit_region_is_unsafe' is called from 'blit_is_unsafe' to check if blit
> parameters (cirrus_blt_srcpitch/cirrus_blt_dstpitch) are safe for
> 'cirrus_do_copy'. These too could lead to div by zero in cirrus_do_copy
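Review bot: the `if (!pitch) { return true; }` guard added at the top of blit_region_is_unsafe() rejects a zero pitch for every caller, but blit_is_unsafe() also runs this check on the source region for CIRRUS_BLTMODE_PATTERNCOPY, where cirrus_blt_srcpitch is never used as a divisor, so a pattern copy with srcpitch == 0 silently becomes a no-op instead of being protected. Suggest applying the zero-pitch rejection only on the path that actually divides by the pitch (cirrus_do_copy, i.e. the destination pitch for pattern copy and both pitches for a plain copy), and adding a one-line comment naming the division being guarded, since the hunk itself gives no hint why zero is unsafe.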
This change is causing display artifacts in QEMU 2.8. What seems to happen is that blit_is_unsafe() is also called for CIRRUS_BLTMODE_PATTERNCOPY, but in this case cirrus_blt_srcpitch is not used. However, because of this new check, if its value is 0 then cirrus_bitblt_common_patterncopy() returns early and becomes a no-op.

Berto
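The regression Berto describes, as an added stand-alone model and not code from the thread or from QEMU: a blanket zero-pitch rejection in blit_region_is_unsafe() turns a pattern copy with cirrus_blt_srcpitch == 0 into a no-op, while a guard narrowed to the pitch that is actually divided by keeps the divide-by-zero protection for plain copies. The BlitState struct, the `patterncopy` flag and the `_patched`/`_narrowed` function names are constructed for this example; the real checks also validate addresses and bounds, which are omitted here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified stand-in for the blitter fields involved;
 * the real CirrusVGAState carries many more. */
typedef struct {
    bool patterncopy;             /* CIRRUS_BLTMODE_PATTERNCOPY requested */
    int32_t cirrus_blt_srcpitch;  /* unused as a divisor in pattern copy */
    int32_t cirrus_blt_dstpitch;
} BlitState;

/* The check as patched in the thread: any zero pitch is "unsafe",
 * which prevents a later division by pitch in cirrus_do_copy. */
static bool blit_region_is_unsafe(int32_t pitch)
{
    if (!pitch) {
        return true;
    }
    return false;  /* address/bounds checks omitted in this model */
}

/* Patched tree behaviour: both regions are always checked, so a pattern
 * copy with srcpitch == 0 is rejected and the blit becomes a no-op. */
static bool blit_is_unsafe_patched(const BlitState *s)
{
    return blit_region_is_unsafe(s->cirrus_blt_dstpitch) ||
           blit_region_is_unsafe(s->cirrus_blt_srcpitch);
}

/* One way to narrow the guard (an assumption, not the project's fix):
 * only consult the source pitch for modes that actually divide by it. */
static bool blit_is_unsafe_narrowed(const BlitState *s)
{
    if (blit_region_is_unsafe(s->cirrus_blt_dstpitch)) {
        return true;
    }
    return !s->patterncopy && blit_region_is_unsafe(s->cirrus_blt_srcpitch);
}

int main(void)
{
    BlitState pattern = { true, 0, 1024 };   /* valid pattern copy */
    BlitState copy = { false, 0, 1024 };     /* would divide by zero */
    printf("pattern copy: patched=%d narrowed=%d\n",
           blit_is_unsafe_patched(&pattern), blit_is_unsafe_narrowed(&pattern));
    printf("plain copy:   patched=%d narrowed=%d\n",
           blit_is_unsafe_patched(&copy), blit_is_unsafe_narrowed(&copy));
    return 0;
}
```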