From: "Volker Rümelin" <vr_qemu@t-online.de>
To: Gerd Hoffmann <kraxel@redhat.com>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Kshitij Suri" <kshitij.suri@nutanix.com>,
qemu-devel@nongnu.org
Subject: [PATCH v2] ui/console: fix three double frees in png_save()
Date: Mon, 19 Sep 2022 08:19:56 +0200 [thread overview]
Message-ID: <20220919061956.30929-1-vr_qemu@t-online.de> (raw)
The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210
Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
---
v2:
There's no need to inititalize info_ptr with NULL. (Philippe)
ui/console.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ui/console.c b/ui/console.c
index 765892f84f..da179e1832 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -304,8 +304,8 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
{
int width = pixman_image_get_width(image);
int height = pixman_image_get_height(image);
- g_autofree png_struct *png_ptr = NULL;
- g_autofree png_info *info_ptr = NULL;
+ png_struct *png_ptr;
+ png_info *info_ptr;
g_autoptr(pixman_image_t) linebuf =
qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
@@ -346,7 +346,6 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
qemu_pixman_linebuf_fill(linebuf, image, width, 0, y);
png_write_row(png_ptr, buf);
}
- qemu_pixman_image_unref(linebuf);
png_write_end(png_ptr, NULL);
--
2.35.3
reply other threads:[~2022-09-19 6:25 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220919061956.30929-1-vr_qemu@t-online.de \
--to=vr_qemu@t-online.de \
--cc=f4bug@amsat.org \
--cc=kraxel@redhat.com \
--cc=kshitij.suri@nutanix.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).