From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43405)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YBiIs-0006JY-8m
	for qemu-devel@nongnu.org; Thu, 15 Jan 2015 06:09:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YBiIq-0004DY-3u
	for qemu-devel@nongnu.org; Thu, 15 Jan 2015 06:09:30 -0500
Received: from mx1.redhat.com ([209.132.183.28]:39492)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kraxel@redhat.com>) id 1YBiIp-0004DP-TE
	for qemu-devel@nongnu.org; Thu, 15 Jan 2015 06:09:28 -0500
From: Gerd Hoffmann <kraxel@redhat.com>
Date: Thu, 15 Jan 2015 12:09:22 +0100
Message-Id: <1421320162-10326-1-git-send-email-kraxel@redhat.com>
Subject: [Qemu-devel] [PATCH] spice: fix coverity reported defect in display
	code
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>, Gerd Hoffmann <kraxel@redhat.com>, Anthony Liguori <aliguori@amazon.com>

Report:

1. Condition surface, taking false branch
406    if (surface && ssd->surface &&
407        surface_width(surface) == pixman_image_get_width(ssd->surface) &&
408        surface_height(surface) == pixman_image_get_height(ssd->surface)) {
409        /* no-resize fast path: just swap backing store */
...

10. alias_transfer: Assigning: ssd->ds = surface.
440    ssd->ds = surface;

11. var_deref_op: Dereferencing null pointer ssd->ds.
CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL)
441    ssd->surface = pixman_image_ref(ssd->ds->image);

Fix:

Move code block dereferencing ssd->ds into the already existing
if (ssd->ds) { ... } block.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/spice-display.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ui/spice-display.c b/ui/spice-display.c
index d2e3793..04952f3 100644
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -438,9 +438,6 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
     qemu_mutex_lock(&ssd->lock);
     need_destroy = (ssd->ds != NULL);
     ssd->ds = surface;
-    ssd->surface = pixman_image_ref(ssd->ds->image);
-    ssd->mirror  = qemu_pixman_mirror_create(ssd->ds->format,
-                                             ssd->ds->image);
     while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) {
         QTAILQ_REMOVE(&ssd->updates, update, next);
         qemu_spice_destroy_update(ssd, update);
@@ -450,6 +447,9 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
         qemu_spice_destroy_host_primary(ssd);
     }
     if (ssd->ds) {
+        ssd->surface = pixman_image_ref(ssd->ds->image);
+        ssd->mirror  = qemu_pixman_mirror_create(ssd->ds->format,
+                                                 ssd->ds->image);
         qemu_spice_create_host_primary(ssd);
     }
 
-- 
1.8.3.1