spice-display: fix segfault in qemu_spice_create_update
Although it is pretty unusual the stride for the guest image and the mirror image maintained by spice-display can be different. So use separate variables for them. https://bugzilla.redhat.com/show_bug.cgi?id=1163047 Cc: qemu-stable@nongnu.org Reported-by: perrier vincent <clownix@clownix.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
This commit is contained in:
parent
0e12e61ff9
commit
c6e484707f
@ -199,7 +199,7 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
|
|||||||
static const int blksize = 32;
|
static const int blksize = 32;
|
||||||
int blocks = (surface_width(ssd->ds) + blksize - 1) / blksize;
|
int blocks = (surface_width(ssd->ds) + blksize - 1) / blksize;
|
||||||
int dirty_top[blocks];
|
int dirty_top[blocks];
|
||||||
int y, yoff, x, xoff, blk, bw;
|
int y, yoff1, yoff2, x, xoff, blk, bw;
|
||||||
int bpp = surface_bytes_per_pixel(ssd->ds);
|
int bpp = surface_bytes_per_pixel(ssd->ds);
|
||||||
uint8_t *guest, *mirror;
|
uint8_t *guest, *mirror;
|
||||||
|
|
||||||
@ -214,13 +214,14 @@ static void qemu_spice_create_update(SimpleSpiceDisplay *ssd)
|
|||||||
guest = surface_data(ssd->ds);
|
guest = surface_data(ssd->ds);
|
||||||
mirror = (void *)pixman_image_get_data(ssd->mirror);
|
mirror = (void *)pixman_image_get_data(ssd->mirror);
|
||||||
for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
|
for (y = ssd->dirty.top; y < ssd->dirty.bottom; y++) {
|
||||||
yoff = y * surface_stride(ssd->ds);
|
yoff1 = y * surface_stride(ssd->ds);
|
||||||
|
yoff2 = y * pixman_image_get_stride(ssd->mirror);
|
||||||
for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
|
for (x = ssd->dirty.left; x < ssd->dirty.right; x += blksize) {
|
||||||
xoff = x * bpp;
|
xoff = x * bpp;
|
||||||
blk = x / blksize;
|
blk = x / blksize;
|
||||||
bw = MIN(blksize, ssd->dirty.right - x);
|
bw = MIN(blksize, ssd->dirty.right - x);
|
||||||
if (memcmp(guest + yoff + xoff,
|
if (memcmp(guest + yoff1 + xoff,
|
||||||
mirror + yoff + xoff,
|
mirror + yoff2 + xoff,
|
||||||
bw * bpp) == 0) {
|
bw * bpp) == 0) {
|
||||||
if (dirty_top[blk] != -1) {
|
if (dirty_top[blk] != -1) {
|
||||||
QXLRect update = {
|
QXLRect update = {
|
||||||
|
Loading…
Reference in New Issue
Block a user