peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0155-qxl-dont-update-invalid-area.patch

5544c1
From 4007ba909e0188ed03d5a1fc1dde094d0ac14488 Mon Sep 17 00:00:00 2001
Hans de Goede c8dfc6
From: Dunrong Huang <riegamaths@gmail.com>
Hans de Goede c8dfc6
Date: Fri, 31 Aug 2012 00:44:44 +0800
5544c1
Subject: [PATCH] qxl: dont update invalid area
Hans de Goede c8dfc6
Hans de Goede c8dfc6
This patch fixes the following error:
Hans de Goede c8dfc6
Hans de Goede c8dfc6
$ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso
Hans de Goede c8dfc6
(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area->left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed
Hans de Goede c8dfc6
Aborted
Hans de Goede c8dfc6
Hans de Goede c8dfc6
spice server terminates QEMU process if we pass invalid area to it,
Hans de Goede c8dfc6
so dont update those invalid areas.
Hans de Goede c8dfc6
Hans de Goede c8dfc6
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Hans de Goede c8dfc6
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
5544c1
(cherry picked from commit ccc2960d654a233a6ed415b37d8ff41728d817c5)
5544c1
5544c1
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
Hans de Goede c8dfc6
---
Hans de Goede c8dfc6
 hw/qxl.c | 7 +++++++
Hans de Goede c8dfc6
 1 file changed, 7 insertions(+)
Hans de Goede c8dfc6
Hans de Goede c8dfc6
diff --git a/hw/qxl.c b/hw/qxl.c
5544c1
index 27f3779..038a8bb 100644
Hans de Goede c8dfc6
--- a/hw/qxl.c
Hans de Goede c8dfc6
+++ b/hw/qxl.c
5544c1
@@ -1448,6 +1448,13 @@ async_common:
Hans de Goede c8dfc6
             return;
Hans de Goede c8dfc6
         }
Hans de Goede c8dfc6
 
Hans de Goede c8dfc6
+        if (update.left < 0 || update.top < 0 || update.left >= update.right ||
Hans de Goede c8dfc6
+            update.top >= update.bottom) {
Hans de Goede c8dfc6
+            qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: "
Hans de Goede c8dfc6
+                              "invalid area(%d,%d,%d,%d)\n", update.left,
Hans de Goede c8dfc6
+                              update.right, update.top, update.bottom);
Hans de Goede c8dfc6
+            break;
Hans de Goede c8dfc6
+        }
Hans de Goede c8dfc6
         if (async == QXL_ASYNC) {
Hans de Goede c8dfc6
             cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
Hans de Goede c8dfc6
                                     QXL_IO_UPDATE_AREA_ASYNC);
Hans de Goede c8dfc6
-- 
5544c1
1.7.12.1
Hans de Goede c8dfc6