From: Michael Tokarev <mjt@tls.msk.ru>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: Alon Levy <alevy@redhat.com>,
qemu-devel@nongnu.org, Dunrong Huang <riegamaths@gmail.com>
Subject: Re: [Qemu-devel] [PATCH 05/10] qxl: dont update invalid area
Date: Wed, 19 Sep 2012 17:40:02 +0400
Message-ID: <5059CB32.2020605@msgid.tls.msk.ru>
In-Reply-To: <1347525926-28563-6-git-send-email-kraxel@redhat.com>

On 13.09.2012 12:45, Gerd Hoffmann wrote:
> From: Dunrong Huang <riegamaths@gmail.com>
>
> This patch fixes the following error:
>
> $ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso
> (/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area->left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed
> Aborted
>
> spice server terminates QEMU process if we pass invalid area to it,
> so dont update those invalid areas.
>
> Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
> hw/qxl.c | 7 +++++++
> 1 files changed, 7 insertions(+), 0 deletions(-)
>
> diff --git a/hw/qxl.c b/hw/qxl.c
> index 257a37d..0176b1a 100644
> --- a/hw/qxl.c
> +++ b/hw/qxl.c
> @@ -1470,6 +1470,13 @@ async_common:
> return;
> }
>
> + if (update.left < 0 || update.top < 0 || update.left >= update.right ||
> + update.top >= update.bottom) {
> + qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: "
> + "invalid area(%d,%d,%d,%d)\n", update.left,
> + update.right, update.top, update.bottom);
> + break;
> + }
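
Review bot: the arguments to qxl_set_guest_bug() in this hunk are passed as left, right, top, bottom, so the logged tuple mixes x and y coordinates instead of reading as two corners; pass them as left, top, right, bottom to match the existing area check quoted further down in this message. The `update.left >= update.right` and `update.top >= update.bottom` tests also repeat that existing check, so only the two `< 0` tests are new here and would sit better folded into the earlier condition. Note too that this path leaves with `break` while the earlier checks use `return`; if both are meant to abandon the request the same way, use one form.
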
Please take a look at the previous chunk of code, which was
added in 511b13e2c9b426b3c56060909693de5097f0b496
"qxl/update_area_io: guest_bug on invalid parameters" by alevy:
+ if (d->ram->update_surface > NUM_SURFACES) {
+ qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n",
+ d->ram->update_surface);
+ return;
+ }
+ if (update.left >= update.right || update.top >= update.bottom) {
+ qxl_set_guest_bug(d,
+ "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n",
+ update.left, update.top, update.right, update.bottom);
+ return;
+ }
+
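
Review bot: the surface bound in the first check uses `>`, so a guest-supplied update_surface equal to NUM_SURFACES passes; if surface ids are zero-based indexes over NUM_SURFACES entries this should be `>=`, and if the inclusive bound is intended a comment should say why. The area message here also prints the coordinates with %u, while the newer check tests the same fields for `< 0` and prints them with %d; the two messages should agree on signedness.
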
Now, this place looks.. well.. funny.
A (trivial) cleanup patch is on the way.
Thanks,
/mjt