ports/emulators/qemu/files/patch-90_security

Index: qemu-0.8.2/hw/dma.c
===================================================================
--- qemu-0.8.2.orig/hw/dma.c	2006-07-22 20:23:34.000000000 +0300
+++ qemu-0.8.2/hw/dma.c	2007-04-20 06:05:59.000000000 +0300
@@ -340,9 +340,11 @@ static void channel_run (int ncont, int 
 #endif
 
     r = dma_controllers[ncont].regs + ichan;
-    n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
-                             r->now[COUNT], (r->base[COUNT] + 1) << ncont);
-    r->now[COUNT] = n;
+    if (r->transfer_handler) {
+        n = r->transfer_handler (r->opaque, ichan + (ncont << 2),
+                                 r->now[COUNT], (r->base[COUNT] + 1) << ncont);
+        r->now[COUNT] = n;
+    }
     ldebug ("dma_pos %d size %d\n", n, (r->base[COUNT] + 1) << ncont);
 }
 
Index: qemu/hw/fdc.c
@@ -1322,7 +1322,8 @@
                                    fd_sector(cur_drv));
                     return 0;
                 }
-            if (bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+            if (cur_drv->bs == NULL ||
+                bdrv_read(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
                 FLOPPY_DPRINTF("error getting sector %d\n",
                                fd_sector(cur_drv));
                 /* Sure, image size is too small... */
@@ -1776,7 +1777,8 @@
         if (pos == FD_SECTOR_LEN - 1 ||
             fdctrl->data_pos == fdctrl->data_len) {
             cur_drv = get_cur_drv(fdctrl);
-            if (bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
+            if (cur_drv->bs == NULL ||
+                bdrv_write(cur_drv->bs, fd_sector(cur_drv), fdctrl->fifo, 1) < 0) {
                 FLOPPY_ERROR("writing sector %d\n", fd_sector(cur_drv));
                 return;
             }
Index: qemu-0.8.2/hw/pc.c
===================================================================
--- qemu-0.8.2.orig/hw/pc.c	2007-04-20 06:05:58.000000000 +0300
+++ qemu-0.8.2/hw/pc.c	2007-04-20 06:05:59.000000000 +0300
@@ -312,7 +312,8 @@ void bochs_bios_write(void *opaque, uint
     case 0x400:
     case 0x401:
         fprintf(stderr, "BIOS panic at rombios.c, line %d\n", val);
-        exit(1);
+        /* according to documentation, these can be safely ignored */
+        break;
     case 0x402:
     case 0x403:
 #ifdef DEBUG_BIOS
@@ -335,8 +336,9 @@ void bochs_bios_write(void *opaque, uint
         /* LGPL'ed VGA BIOS messages */
     case 0x501:
     case 0x502:
+        /* according to documentation, these can be safely ignored */
         fprintf(stderr, "VGA BIOS panic, line %d\n", val);
-        exit(1);
+        break;
     case 0x500:
     case 0x503:
 #ifdef DEBUG_BIOS
Index: qemu-0.8.2/hw/sb16.c
===================================================================
--- qemu-0.8.2.orig/hw/sb16.c	2006-07-22 20:23:34.000000000 +0300
+++ qemu-0.8.2/hw/sb16.c	2007-04-20 06:05:59.000000000 +0300
@@ -1235,8 +1235,10 @@ static int SB_read_DMA (void *opaque, in
             s->block_size);
 #endif
 
-    while (s->left_till_irq <= 0) {
-        s->left_till_irq = s->block_size + s->left_till_irq;
+    if (s->block_size) {
+        while (s->left_till_irq <= 0) {
+            s->left_till_irq = s->block_size + s->left_till_irq;
+        }
     }
 
     return dma_pos;
Index: qemu/hw/i8259.c
@@ -302,7 +302,8 @@
             s->init4 = val & 1;
             s->single_mode = val & 2;
             if (val & 0x08)
-                hw_error("level sensitive irq not supported");
+                /* hw_error("level sensitive irq not supported"); */
+		return;
         } else if (val & 0x08) {
             if (val & 0x04)
                 s->poll = 1;