qemu-devel.nongnu.org archive mirror
From: Anthony Liguori <anthony@codemonkey.ws>
To: Chris Webb <chris@arachsys.com>
Cc: qemu-devel@nongnu.org, kvm@vger.kernel.org
Subject: [Qemu-devel] Re: Another VNC crash, qemu-kvm-0.12.3
Date: Wed, 03 Mar 2010 08:23:23 -0600
Message-ID: <4B8E70DB.4080108@codemonkey.ws>
In-Reply-To: <20100301181416.GB15908@arachsys.com>

On 03/01/2010 12:14 PM, Chris Webb wrote:
> We've just seen another VNC related qemu-kvm crash, this time an arithmetic
> exception at vnc.c:1424 in the newly released qemu-kvm 0.12.3.
>
>    [...]
>    1423     if (vs->absolute) {
>    1424         kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
>    1425                         y * 0x7FFF / (ds_get_height(vs->ds) - 1),
>    1426                         dz, buttons);
>    1427     } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
>    1428         x -= 0x7FFF;
>    [...]
>
> and sure enough:
>
>    (gdb) p vs->ds->surface->width
>    $1 = 9
>    (gdb) p vs->ds->surface->height
>    $2 = 1
>
> What a 9x1 display surface is doing on this guest is a mystery to me, but you
> definitely can't divide by one less than its height!
>    

Can you reproduce this reliably?  If so, what's the procedure?

BTW, I'd suggest filing this at http://bugs.launchpad.net/qemu

Regards,

Anthony Liguori

>    (gdb) p *vs
>    $3 = {csock = 19, ds = 0x1c60fa0, dirty = {{4294967295, 4294967295, 4294967295, 4294967295,
>          4294967295}<repeats 2048 times>}, vd = 0x26a0110, need_update = 1, force_update = 0, features = 67,
>      absolute = 1, last_x = -1, last_y = -1, vnc_encoding = 5, tight_quality = 9 '\t', tight_compression = 9 '\t',
>      major = 3, minor = 8, challenge = "¹{\177\226\200kÕjéPñÄA¤o)", output = {capacity = 925115, offset = 0,
>        buffer = 0x28ba4b0 ""}, input = {capacity = 5120, offset = 6, buffer = 0x28b90a0 "\005"},
>      write_pixels = 0x4bb9e0<vnc_write_pixels_generic>, send_hextile_tile = 0x4bcdf0<send_hextile_tile_generic_32>,
>      clientds = {flags = 0 '\0', width = 800, height = 600, linesize = 3200, data = 0x7fcd00ab6010 "", pf = {
>          bits_per_pixel = 32 ' ', bytes_per_pixel = 4 '\004', depth = 24 '\030', rmask = 0, gmask = 0, bmask = 0,
>          amask = 0, rshift = 16 '\020', gshift = 8 '\b', bshift = 0 '\0', ashift = 24 '\030', rmax = 255 'ÿ',
>          gmax = 255 'ÿ', bmax = 255 'ÿ', amax = 255 'ÿ', rbits = 8 '\b', gbits = 8 '\b', bbits = 8 '\b',
>          abits = 8 '\b'}}, audio_cap = 0x0, as = {freq = 44100, nchannels = 2, fmt = AUD_FMT_S16, endianness = 0},
>      read_handler = 0x4beac0<protocol_client_msg>, read_handler_expect = 6, modifiers_state = '\0'<repeats 255 times>,
>      zlib = {capacity = 0, offset = 0, buffer = 0x0}, zlib_tmp = {capacity = 0, offset = 0, buffer = 0x0},
>      zlib_stream = {{next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = 0, msg = 0x0,
>          state = 0x0, zalloc = 0, zfree = 0, opaque = 0x0, data_type = 0, adler = 0, reserved = 0}, {next_in = 0x0,
>          avail_in = 0, total_in = 0, next_out = 0x0, avail_out = 0, total_out = 0, msg = 0x0, state = 0x0, zalloc = 0,
>          zfree = 0, opaque = 0x0, data_type = 0, adler = 0, reserved = 0}, {next_in = 0x0, avail_in = 0, total_in = 0,
>          next_out = 0x0, avail_out = 0, total_out = 0, msg = 0x0, state = 0x0, zalloc = 0, zfree = 0, opaque = 0x0,
>          data_type = 0, adler = 0, reserved = 0}, {next_in = 0x0, avail_in = 0, total_in = 0, next_out = 0x0,
>          avail_out = 0, total_out = 0, msg = 0x0, state = 0x0, zalloc = 0, zfree = 0, opaque = 0x0, data_type = 0,
>          adler = 0, reserved = 0}}, next = 0x0}
>
>    (gdb) p *vs->ds
>    $4 = {surface = 0x1c81f40, opaque = 0x26a0110, gui_timer = 0x0, allocator = 0x8199d0, listeners = 0x1c95fa0,
>      mouse_set = 0, cursor_define = 0, next = 0x0}
>
>    (gdb) p *vs->ds->surface
>    $5 = {flags = 2 '\002', width = 9, height = 1, linesize = 36, data = 0x7fcd00ab6010 "", pf = {
>        bits_per_pixel = 32 ' ', bytes_per_pixel = 4 '\004', depth = 24 '\030', rmask = 16711680, gmask = 65280,
>        bmask = 255, amask = 0, rshift = 16 '\020', gshift = 8 '\b', bshift = 0 '\0', ashift = 24 '\030', rmax = 255 'ÿ',
>        gmax = 255 'ÿ', bmax = 255 'ÿ', amax = 255 'ÿ', rbits = 8 '\b', gbits = 8 '\b', bbits = 8 '\b', abits = 8 '\b'}}
>
> Cheers,
>
> Chris.
>    
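The arithmetic exception reported above, reduced to the scaling step, as an added example that is not part of the thread or of QEMU's code. The helper names and `ABS_MAX` are hypothetical, and clamping the position is an extra hardening assumption that the thread does not discuss.

```c
#include <stdio.h>

#define ABS_MAX 0x7FFF  /* absolute pointer range in the quoted vnc.c lines */

/* Scaling as written at the quoted vnc.c:1424-1425. With extent == 1 the
 * divisor is 0: undefined behaviour in C, and on x86 the divide traps and
 * the process receives SIGFPE. main() only calls it with a safe extent. */
static int scale_unguarded(int pos, int extent)
{
    return pos * ABS_MAX / (extent - 1);
}

/* Guarded form (hypothetical helper): a surface one pixel wide or high has
 * a single valid coordinate, so it maps to 0. Positions come from the VNC
 * client, so they are clamped into the surface before scaling (assumption). */
static int scale_guarded(int pos, int extent)
{
    if (extent <= 1)
        return 0;
    if (pos < 0)
        pos = 0;
    if (pos > extent - 1)
        pos = extent - 1;
    return (int)((long long)pos * ABS_MAX / (extent - 1));
}

int main(void)
{
    /* Constructed inputs: the 9x1 surface from the gdb output and the
     * 800x600 client surface, each as {x, y, width, height}. */
    const int cases[][4] = {
        {4, 0, 9, 1},
        {799, 599, 800, 600},
        {100, 5, 9, 1},
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        const int *c = cases[i];
        printf("%dx%d at (%d,%d) -> abs (%d,%d)\n", c[2], c[3], c[0], c[1],
               scale_guarded(c[0], c[2]), scale_guarded(c[1], c[3]));
    }
    /* Both forms agree whenever the extent is greater than 1. */
    printf("unguarded 400/800 -> %d\n", scale_unguarded(400, 800));
    return 0;
}
```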


Thread overview: 13+ messages
2010-02-21 17:23 [Qemu-devel] qemu-kvm 0.12.2 VNC segfault Chris Webb
2010-02-22  8:54 ` [Qemu-devel] " Avi Kivity
2010-02-22 19:06   ` Chris Webb
2010-02-22 21:36   ` Anthony Liguori
2010-03-01 18:14     ` [Qemu-devel] Another VNC crash, qemu-kvm-0.12.3 Chris Webb
2010-03-03 14:23       ` Anthony Liguori [this message]
2010-03-05 16:52         ` [Qemu-devel] " Chris Webb
2010-03-05 19:57           ` Alexander Graf
2010-03-06  8:53             ` Chris Webb
2010-03-08 14:34               ` [Qemu-devel] [PATCH] Fix SIGFPE for vnc display of width/height = 1 Chris Webb
2010-03-08 18:15                 ` Chris Webb
2010-03-17 15:59                 ` Anthony Liguori
2010-03-17 16:55                   ` Alexander Graf
