qemu-devel.nongnu.org archive mirror
* [Qemu-devel] [PATCH for-2.5] vnc: fix segfault
From: Gerd Hoffmann @ 2015-11-25  7:09 UTC
  To: qemu-devel; +Cc: Anthony PERARD, Gerd Hoffmann, Xen Devel

Commit "c7628bf vnc: only alloc server surface with clients connected"
missed one rarely used codepath (cirrus with guest drivers using 2d
accel) where we have to check for the server surface being present,
to avoid qemu crashing with a NULL pointer dereference.  Add the check.

Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/vnc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ui/vnc.c b/ui/vnc.c
index c9f2fed..7538405 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -931,6 +931,11 @@ static void vnc_dpy_copy(DisplayChangeListener *dcl,
     int i, x, y, pitch, inc, w_lim, s;
     int cmp_bytes;
 
+    if (!vd->server) {
+        /* no client connected */
+        return;
+    }
+
     vnc_refresh_server_surface(vd);
     QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
         if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
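
Review bot: the comment `/* no client connected */` on the new guard in vnc_dpy_copy() names a consequence, not the condition being tested. The check is on `vd->server`, so the comment should spell out the invariant it depends on: since c7628bf the server surface is only allocated while clients are connected and is NULL otherwise. Saying that explicitly tells the next reader why the early return is intended and why the guard has to stay ahead of vnc_refresh_server_surface(vd) and the client loop.
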
-- 
1.8.3.1


* Re: [Qemu-devel] [PATCH for-2.5] vnc: fix segfault
From: Anthony PERARD @ 2015-11-25 15:10 UTC
  To: Gerd Hoffmann; +Cc: qemu-devel, Xen Devel

On Wed, Nov 25, 2015 at 08:09:58AM +0100, Gerd Hoffmann wrote:
> Commit "c7628bf vnc: only alloc server surface with clients connected"
> missed one rarely used codepath (cirrus with guest drivers using 2d
> accel) where we have to check for the server surface being present,
> to avoid qemu crashing with a NULL pointer dereference.  Add the check.
> 
> Reported-by: Anthony PERARD <anthony.perard@citrix.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

This works for me.

Thanks.

> ---
>  ui/vnc.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/ui/vnc.c b/ui/vnc.c
> index c9f2fed..7538405 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -931,6 +931,11 @@ static void vnc_dpy_copy(DisplayChangeListener *dcl,
>      int i, x, y, pitch, inc, w_lim, s;
>      int cmp_bytes;
>  
> +    if (!vd->server) {
> +        /* no client connected */
> +        return;
> +    }
> +
>      vnc_refresh_server_surface(vd);
>      QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
>          if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
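
Review bot: the `!vd->server` guard covers only this one caller, vnc_dpy_copy(), and sits directly ahead of vnc_refresh_server_surface(vd). The commit message describes this as a codepath the earlier change missed, and one that is reached through guest driver activity (cirrus 2d accel). If the surface is first dereferenced inside vnc_refresh_server_surface(), consider placing the NULL check (or at least an assertion) there too, so that another caller cannot reintroduce the same crash; a short note in the commit message on which other display callbacks were audited would also help.
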
> -- 
> 1.8.3.1
> 

-- 
Anthony PERARD
