2 files changed, 37 insertions, 1 deletions
diff --git a/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch b/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch
new file mode 100644
index 0000000000..6600c4303f
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch
@@ -0,0 +1,35 @@
+Fix the mouse shadow in qemu
+the root cause is that the qemu cursor array is hardcoded to 256 bytes, while the sato use cursor of the size 64*64=4096, thus lead buffer overflow and abnormal mouse.
+This issue has been fixed in upstream starting from v0.13.0-rc0. v0.12.5 still has this issue. So when qemu is upgraded to 0.13.0 or above, this patch can be safely removed.
+Signed-off-by: Yu Ke <ke.yu@intel.com>
+diff --git a/sdl.c b/sdl.c
+index 7912c91..2f33cd2 100644
+--- a/sdl.c
+++ b/sdl.c
+@@ -775,12 +775,12 @@ static void sdl_mouse_define(int width, int height, int bpp,
+                              int hot_x, int hot_y,
+                              uint8_t *image, uint8_t *mask)
+ {
+-    uint8_t sprite[256], *line;
+    uint8_t *sprite, *line;
+     int x, y, dst, bypl, src = 0;
+     if (guest_sprite)
+         SDL_FreeCursor(guest_sprite);
+ 
+-    memset(sprite, 0, 256);
+    sprite = (uint8_t*)qemu_mallocz(width * height);
+     bypl = ((width * bpp + 31) >> 5) << 2;
+     for (y = 0, dst = 0; y < height; y ++, image += bypl) {
+         line = image;
+@@ -818,6 +818,7 @@ static void sdl_mouse_define(int width, int height, int bpp,
+     if (guest_cursor &&
+             (gui_grab || kbd_mouse_is_absolute() || absolute_enabled))
+         SDL_SetCursor(guest_sprite);
+       qemu_free(sprite);
+ }
+ 
+ static void sdl_cleanup(void)
diff --git a/meta/recipes-devtools/qemu/qemu_0.12.4.bb b/meta/recipes-devtools/qemu/qemu_0.12.4.bb
index e448eb9b17..86e6561e11 100644
--- a/meta/recipes-devtools/qemu/qemu_0.12.4.bb
+++ b/meta/recipes-devtools/qemu/qemu_0.12.4.bb
@@ -1,6 +1,6 @@
 require qemu.inc
-PR = "r20"
+PR = "r21"
 FILESPATH = "${FILE_DIRNAME}/qemu-${PV}"
 FILESDIR = "${WORKDIR}"
@@ -19,6 +19,7 @@ SRC_URI = "\
    file://qemu-ppc-hack.patch \
    file://enable-i386-linux-user.patch \
    file://arm-cp15-fix.patch \
+    file://cursor-shadow-fix.patch \
    file://powerpc_rom.bin"
 do_install_append () {

diff --git a/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch b/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch new file mode 100644 index 0000000000..6600c4303f --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu-0.12.4/cursor-shadow-fix.patch
@@ -0,0 +1,35 @@
		1	Fix the mouse shadow in qemu
		2
		3	the root cause is that the qemu cursor array is hardcoded to 256 bytes, while the sato use cursor of the size 64*64=4096, thus lead buffer overflow and abnormal mouse.
		4
		5	This issue has been fixed in upstream starting from v0.13.0-rc0. v0.12.5 still has this issue. So when qemu is upgraded to 0.13.0 or above, this patch can be safely removed.
		6
		7	Signed-off-by: Yu Ke <ke.yu@intel.com>
		8
		9	diff --git a/sdl.c b/sdl.c
		10	index 7912c91..2f33cd2 100644
		11	--- a/sdl.c
		12	+++ b/sdl.c
		13	@@ -775,12 +775,12 @@ static void sdl_mouse_define(int width, int height, int bpp,
		14	int hot_x, int hot_y,
		15	uint8_t image, uint8_t mask)
		16	{
		17	- uint8_t sprite[256], *line;
		18	+ uint8_t sprite, line;
		19	int x, y, dst, bypl, src = 0;
		20	if (guest_sprite)
		21	SDL_FreeCursor(guest_sprite);
		22
		23	- memset(sprite, 0, 256);
		24	+ sprite = (uint8_t)qemu_mallocz(width height);
		25	bypl = ((width * bpp + 31) >> 5) << 2;
		26	for (y = 0, dst = 0; y < height; y ++, image += bypl) {
		27	line = image;
		28	@@ -818,6 +818,7 @@ static void sdl_mouse_define(int width, int height, int bpp,
		29	if (guest_cursor &&
		30	(gui_grab \|\| kbd_mouse_is_absolute() \|\| absolute_enabled))
		31	SDL_SetCursor(guest_sprite);
		32	+ qemu_free(sprite);
		33	}
		34
		35	static void sdl_cleanup(void)


diff --git a/meta/recipes-devtools/qemu/qemu_0.12.4.bb b/meta/recipes-devtools/qemu/qemu_0.12.4.bb index e448eb9b17..86e6561e11 100644 --- a/meta/recipes-devtools/qemu/qemu_0.12.4.bb +++ b/meta/recipes-devtools/qemu/qemu_0.12.4.bb
@@ -1,6 +1,6 @@
1	require qemu.inc	1	require qemu.inc
2		2
3	PR = "r20"	3	PR = "r21"
4		4
5	FILESPATH = "${FILE_DIRNAME}/qemu-${PV}"	5	FILESPATH = "${FILE_DIRNAME}/qemu-${PV}"
6	FILESDIR = "${WORKDIR}"	6	FILESDIR = "${WORKDIR}"
@@ -19,6 +19,7 @@ SRC_URI = "\
19	file://qemu-ppc-hack.patch \	19	file://qemu-ppc-hack.patch \
20	file://enable-i386-linux-user.patch \	20	file://enable-i386-linux-user.patch \
21	file://arm-cp15-fix.patch \	21	file://arm-cp15-fix.patch \
		22	file://cursor-shadow-fix.patch \
22	file://powerpc_rom.bin"	23	file://powerpc_rom.bin"
23		24
24	do_install_append () {	25	do_install_append () {