|
 |
fce154 |
From 1898f3949cf75422aa1fedba40c429b28d8d6b67 Mon Sep 17 00:00:00 2001
|
|
|
fce154 |
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
|
|
|
fce154 |
Date: Wed, 6 Aug 2014 18:34:56 +0200
|
|
|
fce154 |
Subject: [PATCH spice] Fix crash when clearing surface memory
|
|
|
fce154 |
|
|
|
fce154 |
The beginning of the surface data needs to be computed correctly if the
|
|
|
fce154 |
stride is negative, otherwise, it should point already to the beginning
|
|
|
fce154 |
of the surface data. This bug seems to exists since 4a208b (0.5.2)
|
|
|
fce154 |
|
|
|
fce154 |
https://bugzilla.redhat.com/show_bug.cgi?id=1029646
|
|
|
fce154 |
---
|
|
|
fce154 |
server/red_worker.c | 6 +++++-
|
|
|
fce154 |
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
fce154 |
|
|
|
fce154 |
diff --git a/server/red_worker.c b/server/red_worker.c
|
|
|
fce154 |
index 6bdad93..35a1a04 100644
|
|
|
fce154 |
--- a/server/red_worker.c
|
|
|
fce154 |
+++ b/server/red_worker.c
|
|
|
fce154 |
@@ -9470,7 +9470,11 @@ static inline void red_create_surface(RedWorker *worker, uint32_t surface_id, ui
|
|
|
fce154 |
surface->context.stride = stride;
|
|
|
fce154 |
surface->context.line_0 = line_0;
|
|
|
fce154 |
if (!data_is_valid) {
|
|
|
fce154 |
- memset((char *)line_0 + (int32_t)(stride * (height - 1)), 0, height*abs(stride));
|
|
|
fce154 |
+ char *data = line_0;
|
|
|
fce154 |
+ if (stride < 0) {
|
|
|
fce154 |
+ data -= abs(stride) * (height - 1);
|
|
|
fce154 |
+ }
|
|
|
fce154 |
+ memset(data, 0, height*abs(stride));
|
|
|
fce154 |
}
|
|
|
fce154 |
surface->create.info = NULL;
|
|
|
fce154 |
surface->destroy.info = NULL;
|
|
|
fce154 |
--
|
|
|
fce154 |
1.9.3
|
|
|
fce154 |
|