From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Anthony Liguori <aliguori@amazon.com>
Subject: [Qemu-devel] [PULL 2/2] spice: fix coverity reported defect in display code
Date: Thu, 22 Jan 2015 12:18:34 +0100 [thread overview]
Message-ID: <1421925514-12398-3-git-send-email-kraxel@redhat.com> (raw)
In-Reply-To: <1421925514-12398-1-git-send-email-kraxel@redhat.com>
Report:
1. Condition surface, taking false branch
406 if (surface && ssd->surface &&
407 surface_width(surface) == pixman_image_get_width(ssd->surface) &&
408 surface_height(surface) == pixman_image_get_height(ssd->surface)) {
409 /* no-resize fast path: just swap backing store */
...
10. alias_transfer: Assigning: ssd->ds = surface.
440 ssd->ds = surface;
11. var_deref_op: Dereferencing null pointer ssd->ds.
CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL)
441 ssd->surface = pixman_image_ref(ssd->ds->image);
Fix:
Move code block dereferencing ssd->ds into the already existing
if (ssd->ds) { ... } block.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/spice-display.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/ui/spice-display.c b/ui/spice-display.c
index 8c87212..1644185 100644
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -438,9 +438,6 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
qemu_mutex_lock(&ssd->lock);
need_destroy = (ssd->ds != NULL);
ssd->ds = surface;
- ssd->surface = pixman_image_ref(ssd->ds->image);
- ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format,
- ssd->ds->image);
while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) {
QTAILQ_REMOVE(&ssd->updates, update, next);
qemu_spice_destroy_update(ssd, update);
@@ -450,6 +447,9 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
qemu_spice_destroy_host_primary(ssd);
}
if (ssd->ds) {
+ ssd->surface = pixman_image_ref(ssd->ds->image);
+ ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format,
+ ssd->ds->image);
qemu_spice_create_host_primary(ssd);
}
--
1.8.3.1
next prev parent reply other threads:[~2015-01-22 11:18 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-01-22 11:18 [Qemu-devel] [PULL 0/2] spice: fix coverity defect, add unix address support Gerd Hoffmann
2015-01-22 11:18 ` [Qemu-devel] [PULL 1/2] spice: " Gerd Hoffmann
2015-01-22 11:18 ` Gerd Hoffmann [this message]
2015-01-22 17:41 ` [Qemu-devel] [PULL 0/2] spice: fix coverity defect, " Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1421925514-12398-3-git-send-email-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=aliguori@amazon.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).