Re: [Qemu-devel] Re: [PATCH RESEND 2/2] vnc: Fix heap corruption
From: Peter Maydell
Subject: Re: [Qemu-devel] Re: [PATCH RESEND 2/2] vnc: Fix heap corruption
Date: Wed, 2 Mar 2011 18:47:40 +0000
On 2 March 2011 18:36, Stefan Weil <address@hidden> wrote:
> No. I don't think that the third parameter of bitmap_clear is
> ok like that. See my patch for the correct value.
Wen's patch:
+ const size_t width = ds_get_width(vd->ds) / 16;
[...]
- bitmap_set(width_mask, 0, (ds_get_width(vd->ds) / 16));
- bitmap_clear(width_mask, (ds_get_width(vd->ds) / 16),
- VNC_DIRTY_WORDS * BITS_PER_LONG);
+ bitmap_set(width_mask, 0, width);
+ bitmap_clear(width_mask, width, VNC_DIRTY_WORDS * BITS_PER_LONG - width);
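Review bot: the new count VNC_DIRTY_WORDS * BITS_PER_LONG - width makes offset + count equal exactly the bitmap's size in bits, which the removed lines did not: they cleared a full bitmap's worth of bits starting at offset width, so the write ran width bits past the end of width_mask. One remaining point in this hunk: ds_get_width(vd->ds) / 16 truncates, so a display width that is not a multiple of 16 leaves the bit for the last partial 16-pixel column unset in width_mask; a comment saying whether that is intended, or a rounding-up of the division, would make the intent explicit.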
Your patch:
bitmap_clear(width_mask, (ds_get_width(vd->ds) / 16),
- VNC_DIRTY_WORDS * BITS_PER_LONG);
+ (VNC_MAX_WIDTH - ds_get_width(vd->ds)) / 16);
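Review bot: (VNC_MAX_WIDTH - ds_get_width(vd->ds)) / 16 is computed independently of the offset ds_get_width(vd->ds) / 16, and both divisions truncate, so for a width that is not a multiple of 16 offset + count can come out one less than VNC_MAX_WIDTH / 16 and the last bit is left uncleared. It also equals VNC_DIRTY_WORDS * BITS_PER_LONG - width only when VNC_MAX_WIDTH divides evenly by 16 * BITS_PER_LONG, because the VNC_DIRTY_WORDS macro truncates; otherwise the count is computed against a larger bitmap than the one actually declared. Suggest deriving the count from the bitmap's declared size in bits so that offset + count is exactly that size.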
Since ui/vnc.h has:
#define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * BITS_PER_LONG))
the third parameter to bitmap_clear is the same value in
both cases, isn't it? Or is this a rounding bug?
-- PMM
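To make the arithmetic in this thread checkable, here is a small added C model (not QEMU code and not from any of the patches) that evaluates the three candidate third arguments to bitmap_clear against a bounds-checked set/clear. VNC_MAX_WIDTH = 2560, a display width of 800 pixels and the host word sizes 32 and 64 are constructed values for illustration; the function names count_original, count_wen, count_stefan, range_slack and build_width_mask are this example's own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HOST_BITS (sizeof(unsigned long) * CHAR_BIT)

/* Mirrors #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * BITS_PER_LONG)).
   bits_per_long is a parameter so 32- and 64-bit hosts can be compared in one run. */
static size_t dirty_words(size_t max_width, size_t bits_per_long)
{
    return max_width / (16 * bits_per_long);   /* integer division truncates */
}

/* Size in bits of a bitmap declared with VNC_DIRTY_WORDS words. */
static size_t dirty_bits(size_t max_width, size_t bits_per_long)
{
    return dirty_words(max_width, bits_per_long) * bits_per_long;
}

/* The three candidate counts; every call site clears starting at offset width_px / 16. */
static size_t count_original(size_t max_width, size_t bits_per_long, size_t width_px)
{
    (void)width_px;
    return dirty_bits(max_width, bits_per_long);             /* whole bitmap, from a nonzero offset */
}
static size_t count_wen(size_t max_width, size_t bits_per_long, size_t width_px)
{
    return dirty_bits(max_width, bits_per_long) - width_px / 16;
}
static size_t count_stefan(size_t max_width, size_t bits_per_long, size_t width_px)
{
    (void)bits_per_long;
    return (max_width - width_px) / 16;
}

/* (start + count) - nbits: > 0 means the range overruns the bitmap by that many bits,
   < 0 means that many trailing bits are never touched, 0 means an exact fit. */
static long range_slack(size_t nbits, size_t start, size_t count)
{
    return (long)(start + count) - (long)nbits;
}

/* Bounds-checked model of bitmap_set/bitmap_clear: refuses the range instead of
   writing past the bitmap. Returns 0 on success, -1 if the range does not fit. */
static int checked_bitmap_op(unsigned long *map, size_t nbits,
                             size_t start, size_t count, int set)
{
    if (count > nbits || start > nbits - count) {
        return -1;
    }
    for (size_t i = start; i < start + count; i++) {
        size_t w = i / HOST_BITS, b = i % HOST_BITS;
        if (set) map[w] |= 1UL << b; else map[w] &= ~(1UL << b);
    }
    return 0;
}

/* Builds width_mask the way the VNC code does (set the first width bits, clear
   clear_count bits from offset width) using the checked helpers. Returns the number
   of set bits on success, -1 if the clear would have overrun the bitmap. */
static long build_width_mask(unsigned long *map, size_t words, size_t nbits,
                             size_t width_px, size_t clear_count)
{
    size_t width = width_px / 16;
    memset(map, 0, words * sizeof *map);
    if (checked_bitmap_op(map, nbits, 0, width, 1) != 0) return -1;
    if (checked_bitmap_op(map, nbits, width, clear_count, 0) != 0) return -1;
    long set = 0;
    for (size_t i = 0; i < nbits; i++) {
        set += (long)((map[i / HOST_BITS] >> (i % HOST_BITS)) & 1UL);
    }
    return set;
}

int main(void)
{
    const size_t max_width = 2560, width_px = 800;   /* constructed values */
    const size_t hosts[] = { 32, 64 };
    for (size_t h = 0; h < 2; h++) {
        size_t bpl = hosts[h], nbits = dirty_bits(max_width, bpl), off = width_px / 16;
        printf("BITS_PER_LONG=%zu bitmap=%zu bits offset=%zu\n", bpl, nbits, off);
        printf("  original count %zu slack %ld\n", count_original(max_width, bpl, width_px),
               range_slack(nbits, off, count_original(max_width, bpl, width_px)));
        printf("  wen      count %zu slack %ld\n", count_wen(max_width, bpl, width_px),
               range_slack(nbits, off, count_wen(max_width, bpl, width_px)));
        printf("  stefan   count %zu slack %ld\n", count_stefan(max_width, bpl, width_px),
               range_slack(nbits, off, count_stefan(max_width, bpl, width_px)));
    }
    return 0;
}
```

With these constructed values the two patches agree on a 32-bit word size (VNC_DIRTY_WORDS * BITS_PER_LONG is then exactly VNC_MAX_WIDTH / 16) but not on a 64-bit one, where the macro's truncating division makes the declared bitmap smaller than VNC_MAX_WIDTH / 16 bits; a width such as 808 that is not a multiple of 16 also shows the one-bit-short case from the separate truncations.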