[Qemu-devel] [PATCH] qxl-render: add more sanity checks

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] qxl-render: add more sanity checks
@ 2014-08-29  7:38 Gerd Hoffmann
  2014-08-29  7:57 ` Gerd Hoffmann
  0 siblings, 1 reply; 2+ messages in thread
From: Gerd Hoffmann @ 2014-08-29  7:38 UTC (permalink / raw)
  To: qemu-devel; +Cc: Gerd Hoffmann, Anthony Liguori

Damn, the dirty rectangle values are signed integers.  So the checks
added by commit 788fbf042fc6d5aaeab56757e6dad622ac5f0c21 are not good
enouth, we also have to make sure they are not negative.

[ Note: There must be something broken in spice-server so we get
  negative values in the first place.  Bug opened:
  https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/vnc.c | 42 ++++++++++++++++++++++--------------------
 ui/vnc.h |  1 +
 2 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index f8d9b7d..b33f6b3 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -46,7 +46,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
 #include "vnc_keysym.h"
 #include "d3des.h"
 
-static VncDisplay *vnc_display; /* needed for info vnc */
+static QTAILQ_HEAD(, VncDisplay) vnc_displays =
+    QTAILQ_HEAD_INITIALIZER(vnc_displays);
 
 static int vnc_cursor_define(VncState *vs);
 static void vnc_release_modifiers(VncState *vs);
@@ -226,10 +227,10 @@ static const char *vnc_auth_name(VncDisplay *vd) {
     return "unknown";
 }
 
-static VncServerInfo *vnc_server_info_get(void)
+static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
 {
     VncServerInfo *info;
-    VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vnc_display->lsock);
+    VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vd->lsock);
     if (!bi) {
         return NULL;
     }
@@ -237,7 +238,7 @@ static VncServerInfo *vnc_server_info_get(void)
     info = g_malloc(sizeof(*info));
     info->base = bi;
     info->has_auth = true;
-    info->auth = g_strdup(vnc_auth_name(vnc_display));
+    info->auth = g_strdup(vnc_auth_name(vd));
     return info;
 }
 
@@ -282,7 +283,7 @@ static void vnc_qmp_event(VncState *vs, QAPIEvent event)
     }
     g_assert(vs->info->base);
 
-    si = vnc_server_info_get();
+    si = vnc_server_info_get(vs->vd);
     if (!si) {
         return;
     }
@@ -348,8 +349,9 @@ static VncClientInfo *qmp_query_vnc_client(const VncState *client)
 VncInfo *qmp_query_vnc(Error **errp)
 {
     VncInfo *info = g_malloc0(sizeof(*info));
+    VncDisplay *vd = QTAILQ_FIRST(&vnc_displays);
 
-    if (vnc_display == NULL || vnc_display->display == NULL) {
+    if (vd == NULL || vd->display == NULL) {
         info->enabled = false;
     } else {
         VncClientInfoList *cur_item = NULL;
@@ -364,7 +366,7 @@ VncInfo *qmp_query_vnc(Error **errp)
         /* for compatibility with the original command */
         info->has_clients = true;
 
-        QTAILQ_FOREACH(client, &vnc_display->clients, next) {
+        QTAILQ_FOREACH(client, &vd->clients, next) {
             VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
             cinfo->value = qmp_query_vnc_client(client);
 
@@ -377,11 +379,11 @@ VncInfo *qmp_query_vnc(Error **errp)
             }
         }
 
-        if (vnc_display->lsock == -1) {
+        if (vd->lsock == -1) {
             return info;
         }
 
-        if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
+        if (getsockname(vd->lsock, (struct sockaddr *)&sa,
                         &salen) == -1) {
             error_set(errp, QERR_UNDEFINED_ERROR);
             goto out_error;
@@ -405,7 +407,7 @@ VncInfo *qmp_query_vnc(Error **errp)
         info->family = inet_netfamily(sa.ss_family);
 
         info->has_auth = true;
-        info->auth = g_strdup(vnc_auth_name(vnc_display));
+        info->auth = g_strdup(vnc_auth_name(vd));
     }
 
     return info;
@@ -853,7 +855,7 @@ static int vnc_cursor_define(VncState *vs)
 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
                                   QEMUCursor *c)
 {
-    VncDisplay *vd = vnc_display;
+    VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
     VncState *vs;
 
     cursor_put(vd->cursor);
@@ -2944,7 +2946,7 @@ void vnc_display_init(DisplayState *ds)
 {
     VncDisplay *vs = g_malloc0(sizeof(*vs));
 
-    vnc_display = vs;
+    QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
 
     vs->lsock = -1;
 #ifdef CONFIG_VNC_WS
@@ -2974,7 +2976,7 @@ void vnc_display_init(DisplayState *ds)
 
 static void vnc_display_close(DisplayState *ds)
 {
-    VncDisplay *vs = vnc_display;
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 
     if (!vs)
         return;
@@ -3003,7 +3005,7 @@ static void vnc_display_close(DisplayState *ds)
 
 int vnc_display_password(DisplayState *ds, const char *password)
 {
-    VncDisplay *vs = vnc_display;
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 
     if (!vs) {
         return -EINVAL;
@@ -3022,7 +3024,7 @@ int vnc_display_password(DisplayState *ds, const char *password)
 
 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
 {
-    VncDisplay *vs = vnc_display;
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 
     if (!vs) {
         return -EINVAL;
@@ -3034,14 +3036,14 @@ int vnc_display_pw_expire(DisplayState *ds, time_t expires)
 
 char *vnc_display_local_addr(DisplayState *ds)
 {
-    VncDisplay *vs = vnc_display;
-    
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
+
     return vnc_socket_local_addr("%s:%s", vs->lsock);
 }
 
 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
 {
-    VncDisplay *vs = vnc_display;
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
     const char *options;
     int password = 0;
     int reverse = 0;
@@ -3057,7 +3059,7 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
 #endif
     int lock_key_sync = 1;
 
-    if (!vnc_display) {
+    if (!vs) {
         error_setg(errp, "VNC display not active");
         return;
     }
@@ -3356,7 +3358,7 @@ fail:
 
 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth)
 {
-    VncDisplay *vs = vnc_display;
+    VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 
     vnc_connect(vs, csock, skipauth, false);
 }
diff --git a/ui/vnc.h b/ui/vnc.h
index 334de9d..a7cdcea 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -184,6 +184,7 @@ struct VncDisplay
 #ifdef CONFIG_VNC_SASL
     VncDisplaySASL sasl;
 #endif
+    QTAILQ_ENTRY(VncDisplay) next;
 };
 
 typedef struct VncTight {
-- 
1.8.3.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [Qemu-devel] [PATCH] qxl-render: add more sanity checks
  2014-08-29  7:38 [Qemu-devel] [PATCH] qxl-render: add more sanity checks Gerd Hoffmann
@ 2014-08-29  7:57 ` Gerd Hoffmann
  0 siblings, 0 replies; 2+ messages in thread
From: Gerd Hoffmann @ 2014-08-29  7:57 UTC (permalink / raw)
  To: qemu-devel; +Cc: Anthony Liguori

On Fr, 2014-08-29 at 09:38 +0200, Gerd Hoffmann wrote:
> Damn, the dirty rectangle values are signed integers.  So the checks
> added by commit 788fbf042fc6d5aaeab56757e6dad622ac5f0c21 are not good
> enouth, we also have to make sure they are not negative.
> 
> [ Note: There must be something broken in spice-server so we get
>   negative values in the first place.  Bug opened:
>   https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]
> 
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  ui/vnc.c | 42 ++++++++++++++++++++++--------------------
>  ui/vnc.h |  1 +

Oops, scratch that, totally messed up :(

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2014-08-29  7:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-29  7:38 [Qemu-devel] [PATCH] qxl-render: add more sanity checks Gerd Hoffmann
2014-08-29  7:57 ` Gerd Hoffmann

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).