rpms / qemu

Clone
Source Code
GIT

Blame 0022-spice-display-fix-segfault-in-qemu_spice_create_upda.patch

el4 el5 el6 eln epel7 f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fc6 main private-bonzini-demo private-bonzini-demo-f20 private-bonzini-el6 private-bonzini-mpath private-bonzini-tcmalloc private-ehabkost-fixing-exclusivearch private-glommer-merge rawhide
  1.   5e0a9247b57a35a1a55ab65a28ec69653dcbc01a
  2.   0022-spice-display-fix-segfault-in-qemu_spice_create_upda.patch
Blob History Raw
5e0a924 
From: Gerd Hoffmann <kraxel@redhat.com>
5e0a924 
Date: Tue, 9 Jun 2015 21:08:47 +0200
5e0a924 
Subject: [PATCH] spice-display: fix segfault in qemu_spice_create_update
5e0a924
5e0a924 
Although it is pretty unusual the stride for the guest image and the
5e0a924 
mirror image maintained by spice-display can be different.  So use
5e0a924 
separate variables for them.
5e0a924
5e0a924 
https://bugzilla.redhat.com/show_bug.cgi?id=1163047
5e0a924
5e0a924 
Cc: qemu-stable@nongnu.org
5e0a924 
Reported-by: perrier vincent <clownix@clownix.net>
5e0a924 
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5e0a924 
(cherry picked from commit c6e484707f28b3e115e64122a0570f6b3c585489)
5e0a924 
---
5e0a924 
 ui/spice-display.c | 9 +++++----
5e0a924 
 1 file changed, 5 insertions(+), 4 deletions(-)
5e0a924
5e0a924 
diff --git a/ui/spice-display.c b/ui/spice-display.c
5e0a924 
index def7b52..ded5b72 100644
5e0a924 
--- a/ui/spice-display.c
5e0a924 
+++ b/ui/spice-display.c
5e0a924 
@@ -199,7 +199,7 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
5e0a924 
     static const int blksize = 32;
5e0a924 
     int blocks = (surface_width(ssd->ds) + blksize - 1) / blksize;
5e0a924 
     int dirty_top[blocks];
5e0a924 
-    int y, yoff, x, xoff, blk, bw;
5e0a924 
+    int y, yoff1, yoff2, x, xoff, blk, bw;
5e0a924 
     int bpp = surface_bytes_per_pixel(ssd->ds);
5e0a924 
     uint8_t *guest, *mirror;
5e0a924
5e0a924 
@@ -220,13 +220,14 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
5e0a924 
     guest = surface_data(ssd->ds);
5e0a924 
     mirror = (void *)pixman_image_get_data(ssd->mirror);
5e0a924 
     for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
5e0a924 
-        yoff = y * surface_stride(ssd->ds);
5e0a924 
+        yoff1 = y * surface_stride(ssd->ds);
5e0a924 
+        yoff2 = y * pixman_image_get_stride(ssd->mirror);
5e0a924 
         for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
5e0a924 
             xoff = x * bpp;
5e0a924 
             blk = x / blksize;
5e0a924 
             bw = MIN(blksize, ssd->dirty.right - x);
5e0a924 
-            if (memcmp(guest + yoff + xoff,
5e0a924 
-                       mirror + yoff + xoff,
5e0a924 
+            if (memcmp(guest + yoff1 + xoff,
5e0a924 
+                       mirror + yoff2 + xoff,
5e0a924 
                        bw * bpp) == 0) {
5e0a924 
                 if (dirty_top[blk] != -1) {
5e0a924 
                     QXLRect update = {
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.