From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LSYYa-0002vj-CI
	for qemu-devel@nongnu.org; Thu, 29 Jan 2009 10:11:52 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LSYYY-0002uB-5l
	for qemu-devel@nongnu.org; Thu, 29 Jan 2009 10:11:51 -0500
Received: from [199.232.76.173] (port=51303 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LSYYX-0002tv-TU
	for qemu-devel@nongnu.org; Thu, 29 Jan 2009 10:11:49 -0500
Received: from an-out-0708.google.com ([209.85.132.244]:13549)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1LSYYX-0007Xd-D6
	for qemu-devel@nongnu.org; Thu, 29 Jan 2009 10:11:49 -0500
Received: by an-out-0708.google.com with SMTP id b6so1950297ana.37
	for <qemu-devel@nongnu.org>; Thu, 29 Jan 2009 07:11:48 -0800 (PST)
Message-ID: <4981C724.3020000@codemonkey.ws>
Date: Thu, 29 Jan 2009 09:11:32 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
References: <1233228298-4844-1-git-send-email-agraf@suse.de>
	<1233228298-4844-2-git-send-email-agraf@suse.de>
	<1233228298-4844-3-git-send-email-agraf@suse.de>
	<1233228298-4844-4-git-send-email-agraf@suse.de>
	<1233228298-4844-5-git-send-email-agraf@suse.de>
In-Reply-To: <1233228298-4844-5-git-send-email-agraf@suse.de>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: [Qemu-devel] Re: [PATCH 4/7] Make vnc buffer big-chunk aware
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: qemu-devel@nongnu.org

Alexander Graf wrote:
> Currently writing to buffers is protected by buffer_reserve.
> Unfortunately, is reserves at most 1024 bytes more than we currently
> have, so if we want to write a 2048 bytes chunk, we overwrite
> random memory.
>   

Yikes!

> This patch addresses this in a pretty dumb but easy way.
>
> Signed-off-by: Alexander Graf <agraf@suse.de>
> ---
>  vnc.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/vnc.c b/vnc.c
> index 4b17f85..d0d9580 100644
> --- a/vnc.c
> +++ b/vnc.c
> @@ -592,7 +592,7 @@ static int vnc_listen_poll(void *opaque)
>  
>  static void buffer_reserve(Buffer *buffer, size_t len)
>  {
> -    if ((buffer->capacity - buffer->offset) < len) {
> +    while ((buffer->capacity - buffer->offset) < len) {
>  	buffer->capacity += (len + 1024);
>   

Okay, I no longer believe you.

If we want to write len bytes, and we increase capacity by (len + 1024) 
bytes, then we should be fine.  The reason it's len + 1024 vs just len 
is to avoid many qemu_realloc()s on many small reservations (like for 
adding u32s).

Regards,

Anthony Liguori
>  	buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
>  	if (buffer->buffer == NULL) {
>