[Qemu-devel] segfault caused by graphic

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] segfault caused by graphic

From:	perrier vincent
Subject:	[Qemu-devel] segfault caused by graphic
Date:	Fri, 5 Jun 2015 16:27:36 -0500
User-agent:	SquirrelMail/1.5.2 [SVN]

For a lenny guest, using spice, with option vga=cirrus, I had segfault in:

file: ui/spice-display.c

function: qemu_spice_create_update(SimpleSpiceDisplay *ssd)

in call to: if (memcmp(guest + yoff + xoff,
                       mirror + yoff + xoff,
                       bw * bpp) == 0)

After printing stuff, I discovered that the mirror address boundaries
where not respected by mirror + yoff + xoff.

Here is how I make my version run without segfault, it is not a correction
since I do not understand the working of the code, but this needs an
official correction.

...
img_get_stride = pixman_image_get_stride(ssd->mirror);
img_height = pixman_image_get_height(ssd->mirror);
img_max = img_height * img_get_stride;
...
if (yoff > img_max)
{
if (dirty_top[blk] == -1)
  {
  dirty_top[blk] = y;
  }
}
else if (memcmp(guest + yoff + xoff,
                mirror + yoff + xoff,
                bw * bpp) == 0) {
...

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] segfault caused by graphic, perrier vincent <=

Prev by Date: [Qemu-devel] QEMU's CVE Procedures
Next by Date: [Qemu-devel] segfault in memcmp
Previous by thread: [Qemu-devel] QEMU's CVE Procedures
Next by thread: [Qemu-devel] segfault in memcmp
Index(es):
- Date
- Thread