Re: [Qemu-devel] Re: [PATCH RESEND 2/2] vnc: Fix heap corruption
From: Peter Maydell
Subject: Re: [Qemu-devel] Re: [PATCH RESEND 2/2] vnc: Fix heap corruption
Date: Wed, 2 Mar 2011 22:40:41 +0000

On 2 March 2011 22:01, Stefan Weil <address@hidden> wrote:
> The part missing in my patch is correct handling of another
> rounding effect:
>
> VNC_DIRTY_WORDS is exact for 32 bit long values (and the
> "old" code which used uint32_t until some weeks ago), where
> VNC_DIRTY_WORDS = 2560/16/32 = 5.
>
> For 64 bit values, VNC_DIRTY_WORDS = 2560/16/64 = 2 (rounded)!

Yes, I noticed that after I posted. Given that we have arrays
like

    unsigned long dirty[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];

rounding down rather than up looks a bit suspicious...

(Can we just make VNC_MAX_WIDTH a multiple of 64, or is it
baked into the VNC protocol?)

-- PMM
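
The rounding effect discussed in this message, worked through as an added C example (not part of the original post and not QEMU code): it compares the truncating word count with a rounded-up one and shows a bounds-checked bit set rejecting an index the short row cannot hold. The 2560 and 16 come from the arithmetic quoted above; the helper names and the fixed 64-bit row type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Values from the arithmetic quoted in the thread: 2560 / 16 / bits-per-word. */
#define MAX_WIDTH   2560u   /* the 2560 in the thread (VNC_MAX_WIDTH) */
#define TILE_WIDTH  16u     /* one dirty bit per 16 pixels */

/* All helpers below are hypothetical, written for this example. */

/* Word count by plain integer division, which truncates. */
static unsigned words_truncated(unsigned word_bits)
{
    return MAX_WIDTH / TILE_WIDTH / word_bits;
}

/* Word count rounded up so that every dirty bit has storage. */
static unsigned words_rounded_up(unsigned word_bits)
{
    unsigned bits = MAX_WIDTH / TILE_WIDTH;
    return (bits + word_bits - 1) / word_bits;
}

/* Dirty bits per row that fall past the end of a row of `words` words. */
static unsigned bits_without_storage(unsigned words, unsigned word_bits)
{
    unsigned bits = MAX_WIDTH / TILE_WIDTH;
    unsigned capacity = words * word_bits;
    return bits > capacity ? bits - capacity : 0;
}

/* Bounds-checked set: 0 on success, -1 if `bit` lies outside the row. */
static int set_dirty_checked(uint64_t *row, unsigned words, unsigned bit)
{
    if (bit / 64 >= words)
        return -1;
    row[bit / 64] |= UINT64_C(1) << (bit % 64);
    return 0;
}

int main(void)
{
    uint64_t row[3] = { 0 };
    unsigned t = words_truncated(64), r = words_rounded_up(64);
    printf("32-bit: %u words; 64-bit: %u truncated vs %u rounded up\n",
           words_truncated(32), t, r);
    printf("bits without storage at %u words: %u\n",
           t, bits_without_storage(t, 64));
    printf("set bit 159 with %u words: %d, with %u words: %d\n",
           t, set_dirty_checked(row, t, 159), r, set_dirty_checked(row, r, 159));
    return 0;
}
```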