qemu-devel

Re: [Qemu-devel] segfault in memcmp


From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] segfault in memcmp
Date: Mon, 8 Jun 2015 10:31:25 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Fri, Jun 05, 2015 at 05:19:53PM -0500, perrier vincent wrote:
> Using a very old guest (lenny) with spice and vga=cirrus, I have
> a segfault:
> 
> FILE:      ui/spice-display.c
> FUNCTION:  qemu_spice_create_update
> LINE:      if (memcmp(guest + yoff + xoff,
>                        mirror + yoff + xoff,
>                        bw * bpp) == 0)
> 
> The address of mirror + yoff + xoff is out of bounds.
> 
> I use the following to avoid the crash:
> 
> ...
>   img_get_stride = pixman_image_get_stride(ssd->mirror);
>   img_height = pixman_image_get_height(ssd->mirror);
>   img_max = img_height * img_get_stride;
> ...
>   if (yoff > img_max)
>     {
>     if (dirty_top[blk] == -1)
>       dirty_top[blk] = y;
>     }
>   else if (memcmp(guest + yoff + xoff,
>                   mirror + yoff + xoff,
>                   bw * bpp) == 0)
>     {
> ...

Thanks for the report.  I have CCed Gerd Hoffmann who maintains the
graphics subsystem.
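As an added illustration of the out-of-bounds memcmp described in the report above (example code written for this page; it is neither QEMU's ui/spice-display.c nor the reporter's patch), the block below models the row-by-block walk over a guest surface and its mirror. The surface_t type is a hypothetical stand-in for pixman_image_t, and the 8x4 guest with a stale 8x2 mirror is a constructed scenario chosen so that the second half of the guest has no counterpart in the mirror; the bounds check covers the whole range handed to memcmp and is evaluated for both surfaces before any pointer into them is formed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for the pixman_image_t surfaces that
 * qemu_spice_create_update compares.  Only the fields the bounds
 * check needs are modelled; this is not QEMU's type.
 */
typedef struct {
    int width;       /* pixels per row */
    int height;      /* rows */
    int stride;      /* bytes per row, may include padding */
    int bpp;         /* bytes per pixel */
    uint8_t *data;   /* height * stride bytes */
} surface_t;

/* True if the byte range [off, off + len) lies inside the surface. */
static bool range_in_surface(const surface_t *s, size_t off, size_t len)
{
    size_t size = (size_t)s->height * (size_t)s->stride;
    return off <= size && len <= size - off;
}

/*
 * Walk the guest surface row by row in columns of blk_w pixels, the way
 * the spice update loop does, and count the blocks that differ from the
 * mirror.  Offsets are derived from the guest surface, so if the mirror
 * is smaller (e.g. it was not reallocated after a mode switch) the tail
 * of the guest has no counterpart in the mirror.  Such blocks are counted
 * as dirty without calling memcmp, so no out-of-bounds pointer is formed.
 * *oob_blocks (may be NULL) receives the number of blocks skipped this way.
 */
int count_dirty_blocks(const surface_t *guest, const surface_t *mirror,
                       int blk_w, int *oob_blocks)
{
    int dirty = 0, oob = 0;

    for (int y = 0; y < guest->height; y++) {
        size_t yoff = (size_t)y * (size_t)guest->stride;
        for (int x = 0; x < guest->width; x += blk_w) {
            int bw = guest->width - x < blk_w ? guest->width - x : blk_w;
            size_t xoff = (size_t)x * (size_t)guest->bpp;
            size_t len = (size_t)bw * (size_t)guest->bpp;

            /* Check the full compared range against BOTH surfaces first. */
            if (!range_in_surface(guest, yoff + xoff, len) ||
                !range_in_surface(mirror, yoff + xoff, len)) {
                oob++;
                dirty++;
                continue;
            }
            if (memcmp(guest->data + yoff + xoff,
                       mirror->data + yoff + xoff, len) != 0) {
                dirty++;
            }
        }
    }
    if (oob_blocks) {
        *oob_blocks = oob;
    }
    return dirty;
}

/*
 * Constructed scenario: an 8x4 guest surface (4 bytes/pixel, 32-byte
 * stride) whose mirror is still 8x2, as if it had not been resized after
 * a resolution change, plus one changed pixel in row 1.  With 4-pixel
 * blocks that is 8 blocks: 1 genuinely dirty, 4 out of bounds.
 * Returns the dirty block count; *oob_blocks gets the skipped count.
 */
int demo_stale_mirror(int *oob_blocks)
{
    static uint8_t guest_px[4 * 32];
    static uint8_t mirror_px[2 * 32];
    surface_t guest  = { 8, 4, 32, 4, guest_px };
    surface_t mirror = { 8, 2, 32, 4, mirror_px };

    memset(guest_px, 0, sizeof guest_px);
    memset(mirror_px, 0, sizeof mirror_px);
    guest_px[1 * 32 + 4 * 4] = 0xff;   /* row 1, pixel 4: first byte of block 1 */

    return count_dirty_blocks(&guest, &mirror, 4, oob_blocks);
}

/* Convenience for checking the skipped-block count of the scenario. */
int demo_stale_mirror_oob(void)
{
    int oob = 0;
    demo_stale_mirror(&oob);
    return oob;
}

int main(void)
{
    int oob = 0;
    int dirty = demo_stale_mirror(&oob);
    printf("dirty blocks: %d (of which %d skipped as out of bounds)\n",
           dirty, oob);   /* prints "dirty blocks: 5 (of which 4 skipped as out of bounds)" */
    return 0;
}
```

Two design points: the range check includes xoff and the bw * bpp length, not just the row offset, since memcmp reads the whole span; and it is done before `guest->data + yoff + xoff` is computed, because in C forming a pointer past the end of the object is itself undefined behaviour, not only dereferencing it.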
