render / rpms / qemu

Forked from rpms/qemu 10 months ago
Clone

Blame 0215-qxl-dont-update-invalid-area.patch

Hans de Goede c8dfc6
From 6f1652c4412ab60c7f456100143c519d124a895c Mon Sep 17 00:00:00 2001
Hans de Goede c8dfc6
From: Dunrong Huang <riegamaths@gmail.com>
Hans de Goede c8dfc6
Date: Fri, 31 Aug 2012 00:44:44 +0800
Hans de Goede c8dfc6
Subject: [PATCH 215/215] qxl: dont update invalid area
Hans de Goede c8dfc6
Hans de Goede c8dfc6
This patch fixes the following error:
Hans de Goede c8dfc6
Hans de Goede c8dfc6
$ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso
Hans de Goede c8dfc6
(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area->left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed
Hans de Goede c8dfc6
Aborted
Hans de Goede c8dfc6
Hans de Goede c8dfc6
spice server terminates QEMU process if we pass invalid area to it,
Hans de Goede c8dfc6
so dont update those invalid areas.
Hans de Goede c8dfc6
Hans de Goede c8dfc6
Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
Hans de Goede c8dfc6
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Hans de Goede c8dfc6
---
Hans de Goede c8dfc6
 hw/qxl.c | 7 +++++++
Hans de Goede c8dfc6
 1 file changed, 7 insertions(+)
Hans de Goede c8dfc6
Hans de Goede c8dfc6
diff --git a/hw/qxl.c b/hw/qxl.c
Hans de Goede c8dfc6
index b726c19..045432e 100644
Hans de Goede c8dfc6
--- a/hw/qxl.c
Hans de Goede c8dfc6
+++ b/hw/qxl.c
Hans de Goede c8dfc6
@@ -1470,6 +1470,13 @@ async_common:
Hans de Goede c8dfc6
             return;
Hans de Goede c8dfc6
         }
Hans de Goede c8dfc6
 
Hans de Goede c8dfc6
+        if (update.left < 0 || update.top < 0 || update.left >= update.right ||
Hans de Goede c8dfc6
+            update.top >= update.bottom) {
Hans de Goede c8dfc6
+            qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: "
Hans de Goede c8dfc6
+                              "invalid area(%d,%d,%d,%d)\n", update.left,
Hans de Goede c8dfc6
+                              update.right, update.top, update.bottom);
Hans de Goede c8dfc6
+            break;
Hans de Goede c8dfc6
+        }
Hans de Goede c8dfc6
         if (async == QXL_ASYNC) {
Hans de Goede c8dfc6
             cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
Hans de Goede c8dfc6
                                     QXL_IO_UPDATE_AREA_ASYNC);
Hans de Goede c8dfc6
-- 
Hans de Goede c8dfc6
1.7.12
Hans de Goede c8dfc6