|
|
9ae3a8 |
From 25bafb9e1c938197a716d21010ab532aa85b82bf Mon Sep 17 00:00:00 2001
|
|
|
9ae3a8 |
From: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
9ae3a8 |
Date: Thu, 11 Jun 2015 15:17:36 +0200
|
|
|
9ae3a8 |
Subject: [PATCH 4/4] spice-display: fix segfault in qemu_spice_create_update
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Message-id: <1434035856-9153-2-git-send-email-kraxel@redhat.com>
|
|
|
9ae3a8 |
Patchwork-id: 65858
|
|
|
9ae3a8 |
O-Subject: [RHEL-7.2 qemu-kvm PATCH 1/1] spice-display: fix segfault in qemu_spice_create_update
|
|
|
9ae3a8 |
Bugzilla: 1230808
|
|
|
9ae3a8 |
RH-Acked-by: Bandan Das <bsd@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
|
9ae3a8 |
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Although it is pretty unusual the stride for the guest image and the
|
|
|
9ae3a8 |
mirror image maintained by spice-display can be different. So use
|
|
|
9ae3a8 |
separate variables for them.
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
Cc: qemu-stable@nongnu.org
|
|
|
9ae3a8 |
Reported-by: perrier vincent <clownix@clownix.net>
|
|
|
9ae3a8 |
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
|
|
|
9ae3a8 |
(cherry picked from commit c6e484707f28b3e115e64122a0570f6b3c585489)
|
|
|
9ae3a8 |
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
|
|
|
9ae3a8 |
---
|
|
|
9ae3a8 |
ui/spice-display.c | 9 +++++----
|
|
|
9ae3a8 |
1 file changed, 5 insertions(+), 4 deletions(-)
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
diff --git a/ui/spice-display.c b/ui/spice-display.c
|
|
|
9ae3a8 |
index dc8be8a..d29d2ab 100644
|
|
|
9ae3a8 |
--- a/ui/spice-display.c
|
|
|
9ae3a8 |
+++ b/ui/spice-display.c
|
|
|
9ae3a8 |
@@ -199,7 +199,7 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
|
|
|
9ae3a8 |
static const int blksize = 32;
|
|
|
9ae3a8 |
int blocks = (surface_width(ssd->ds) + blksize - 1) / blksize;
|
|
|
9ae3a8 |
int dirty_top[blocks];
|
|
|
9ae3a8 |
- int y, yoff, x, xoff, blk, bw;
|
|
|
9ae3a8 |
+ int y, yoff1, yoff2, x, xoff, blk, bw;
|
|
|
9ae3a8 |
int bpp = surface_bytes_per_pixel(ssd->ds);
|
|
|
9ae3a8 |
uint8_t *guest, *mirror;
|
|
|
9ae3a8 |
|
|
|
9ae3a8 |
@@ -220,13 +220,14 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
|
|
|
9ae3a8 |
guest = surface_data(ssd->ds);
|
|
|
9ae3a8 |
mirror = (void *)pixman_image_get_data(ssd->mirror);
|
|
|
9ae3a8 |
for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
|
|
|
9ae3a8 |
- yoff = y * surface_stride(ssd->ds);
|
|
|
9ae3a8 |
+ yoff1 = y * surface_stride(ssd->ds);
|
|
|
9ae3a8 |
+ yoff2 = y * pixman_image_get_stride(ssd->mirror);
|
|
|
9ae3a8 |
for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
|
|
|
9ae3a8 |
xoff = x * bpp;
|
|
|
9ae3a8 |
blk = x / blksize;
|
|
|
9ae3a8 |
bw = MIN(blksize, ssd->dirty.right - x);
|
|
|
9ae3a8 |
- if (memcmp(guest + yoff + xoff,
|
|
|
9ae3a8 |
- mirror + yoff + xoff,
|
|
|
9ae3a8 |
+ if (memcmp(guest + yoff1 + xoff,
|
|
|
9ae3a8 |
+ mirror + yoff2 + xoff,
|
|
|
9ae3a8 |
bw * bpp) == 0) {
|
|
|
9ae3a8 |
if (dirty_top[blk] != -1) {
|
|
|
9ae3a8 |
QXLRect update = {
|
|
|
9ae3a8 |
--
|
|
|
9ae3a8 |
1.8.3.1
|
|
|
9ae3a8 |
|