Tree - rpms/spice - CentOS Git server

rpms / spice

Files

Commit: e2c81d16b90b90b95b119aa44f88f1340220ed87

Blob Blame History Raw

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@gmail.com>
Date: Wed, 6 Aug 2014 18:34:56 +0200
Subject: [PATCH] Fix crash when clearing surface memory

The beginning of the surface data needs to be computed correctly if the
stride is negative, otherwise, it should point already to the beginning
of the surface data. This bug seems to exists since 4a208b (0.5.2)

https://bugzilla.redhat.com/show_bug.cgi?id=1029646
---
 server/red_worker.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index 7a1c2d9..d7962c5 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -9654,7 +9654,11 @@ static inline void red_create_surface(RedWorker *worker, uint32_t surface_id, ui
     surface->context.stride = stride;
     surface->context.line_0 = line_0;
     if (!data_is_valid) {
-        memset((char *)line_0 + (int32_t)(stride * (height - 1)), 0, height*abs(stride));
+        char *data = line_0;
+        if (stride < 0) {
+            data -= abs(stride) * (height - 1);
+        }
+        memset(data, 0, height*abs(stride));
     }
     surface->create.info = NULL;
     surface->destroy.info = NULL;

rpms / spice

Source Code

Files