From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1FRQFQ-0004oQ-KN for qemu-devel@nongnu.org; Thu, 06 Apr 2006 04:53:48 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1FRQFP-0004o4-8e for qemu-devel@nongnu.org; Thu, 06 Apr 2006 04:53:48 -0400 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1FRQFO-0004nw-Vo for qemu-devel@nongnu.org; Thu, 06 Apr 2006 04:53:47 -0400 Received: from [64.233.162.202] (helo=zproxy.gmail.com) by monty-python.gnu.org with esmtp (Exim 4.52) id 1FRQJ6-0004Ho-JH for qemu-devel@nongnu.org; Thu, 06 Apr 2006 04:57:36 -0400 Received: by zproxy.gmail.com with SMTP id s1so90246nze for ; Thu, 06 Apr 2006 01:53:46 -0700 (PDT) Message-ID: <6fe044190604060153i6b43333dlec41c663f2229cd3@mail.gmail.com> 
From: "Kenneth Duda" Sender: ken.duda@gmail.com In-Reply-To: <6fe044190604060146i4377f13eub00639e764074f2e@mail.gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_2608_10002337.1144313626530" References: <6fe044190604060146i4377f13eub00639e764074f2e@mail.gmail.com> Subject: [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Thu, 06 Apr 2006 08:53:49 -0000 To: qemu-devel@nongnu.org ------=_Part_2608_10002337.1144313626530 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline This patch fixes a minor bug that mcheck picked up. I don't know if it ever causes problems in practice. -Ken ------=_Part_2608_10002337.1144313626530 Content-Type: text/plain; name=qemu-zero-width-console.patch; charset=us-ascii Content-Transfer-Encoding: 7bit X-Attachment-Id: f_elouivg7 Content-Disposition: attachment; filename="qemu-zero-width-console.patch" diff -burN qemu-snapshot-2006-03-27_23.orig/console.c qemu-snapshot-2006-03-27_23/console.c --- qemu-snapshot-2006-03-27_23.orig/console.c 2006-03-11 07:35:30.000000000 -0800 +++ qemu-snapshot-2006-03-27_23/console.c 2006-04-06 00:25:41.000000000 -0700 @@ -407,7 +407,8 @@ if (s->width < w1) w1 = s->width; - cells = qemu_malloc(s->width * s->total_height * sizeof(TextCell)); + cells = qemu_malloc((s->width * s->total_height + 1) * sizeof(TextCell)); + /* Add one extra in case s->width is 0, so we can still store one character. */ for(y = 0; y < s->total_height; y++) { c = &cells[y * s->width]; if (w1 > 0) { ------=_Part_2608_10002337.1144313626530--
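Review bot: The "+ 1" in the qemu_malloc size pads around the zero-width case instead of handling it. The added comment says the spare cell is there "so we can still store one character", but the visible lines do not show which write lands in the buffer when s->width is 0, and the loop below still computes c = &cells[y * s->width] for every row. Consider guarding the case explicitly, for example by skipping the fill when s->width or s->total_height is 0, or name in the comment the store that needs the extra cell so that a later cleanup does not drop it. The comment would also read better above the allocation it describes than after it. Separately, the product s->width * s->total_height is still multiplied by sizeof(TextCell) with no overflow check visible in this hunk, and that is worth adding while this line is being changed.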