* [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width

From: Kenneth Duda @ 2006-04-06 8:53 UTC
To: qemu-devel
In reply to: [not found] <6fe044190604060146i4377f13eub00639e764074f2e@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 119 bytes --]

This patch fixes a minor bug that mcheck picked up. I don't know if it ever causes problems in practice.

-Ken

[-- Attachment #2: qemu-zero-width-console.patch --]
[-- Type: text/plain, Size: 663 bytes --]

diff -burN qemu-snapshot-2006-03-27_23.orig/console.c qemu-snapshot-2006-03-27_23/console.c --- qemu-snapshot-2006-03-27_23.orig/console.c 2006-03-11 07:35:30.000000000 -0800 +++ qemu-snapshot-2006-03-27_23/console.c 2006-04-06 00:25:41.000000000 -0700 @@ -407,7 +407,8 @@ if (s->width < w1) w1 = s->width; - cells = qemu_malloc(s->width * s->total_height * sizeof(TextCell)); + cells = qemu_malloc((s->width * s->total_height + 1) * sizeof(TextCell)); + /* Add one extra in case s->width is 0, so we can still store one character. */ for(y = 0; y < s->total_height; y++) { c = &cells[y * s->width]; if (w1 > 0) {
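Review bot: the extra cell only shields the single write; it leaves the zero-width geometry in place, and with s->width == 0 every row pointer in the loop, `c = &cells[y * s->width];`, evaluates to &cells[0], so all rows alias that one spare cell. The loop body here is already skipped when w1 is 0, so the write being protected happens after this hunk, and the +1 is guarding code that is not visible at the point where the size is chosen. Rejecting or clamping a zero width (and a zero total_height) where the console geometry is set, before this resize path runs, would prevent the empty allocation instead of accommodating it. Two smaller points: the comment explaining the +1 is placed after the qemu_malloc call it describes and would read better above it, and `s->width * s->total_height * sizeof(TextCell)` has no bound on either factor, so an oversized geometry can overflow the size passed to qemu_malloc; a range check on both values would cover the zero case and the overflow case in one place.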
* [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width

From: Kenneth Duda @ 2006-04-07 18:08 UTC
To: qemu-devel
In reply to: [Qemu-devel] Patch for minor qemu heap corruption bug when the console is zero width (Kenneth Duda, 2006-04-06 8:53)

[-- Attachment #1: Type: text/plain, Size: 522 bytes --]

Hi everyone, here is another patch for a much less significant bug. If your "vc" console width is 0, qemu corrupts the heap (because it writes one character into a screen buffer that's been malloc'ed as size 0). I don't know if this bug ever causes problems in practice --- I picked it up using mcheck() when debugging heap corruption due to various slirp bugs. Anyway, this trivial patch fixes the trivial bug.

Feedback on what I can do to get patches like this applied most appreciated!

Thanks,
-Ken

[-- Attachment #2: qemu-zero-width-console.patch --]
[-- Type: text/plain, Size: 664 bytes --]

diff -burN qemu-snapshot-2006-03-27_23.orig/console.c qemu-snapshot-2006-03-27_23/console.c --- qemu-snapshot-2006-03-27_23.orig/console.c 2006-03-11 07:35:30.000000000 -0800 +++ qemu-snapshot-2006-03-27_23/console.c 2006-04-06 00:25:41.000000000 -0700 @@ -407,7 +407,8 @@ if (s->width < w1) w1 = s->width; - cells = qemu_malloc(s->width * s->total_height * sizeof(TextCell)); + cells = qemu_malloc((s->width * s->total_height + 1) * sizeof(TextCell)); + /* Add one extra in case s->width is 0, so we can still store one character. */ for(y = 0; y < s->total_height; y++) { c = &cells[y * s->width]; if (w1 > 0) {
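The failure mode Ken describes (a zero-width "vc" console yields a zero-byte cell buffer, and one character is still stored into it) is a plain case of an allocation size derived from unchecked geometry. The following is an added example written for this page, not QEMU's code: it reproduces the size arithmetic and the row-base expression from the hunk with a two-byte stand-in TextCell, shows why width 0 collapses every row to index 0 and why a store at (0,0) is out of bounds, and puts a dimension-and-overflow check beside the unchecked version. TextCell's layout and every function name below are assumptions made for the illustration.

```c
/* Added example, not QEMU code. TextCell is a two-byte stand-in for the
 * real struct, and every function name here is an assumption made for
 * this illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    uint8_t ch;    /* character */
    uint8_t attr;  /* attribute byte */
} TextCell;

/* The size arithmetic of the pre-patch line in the hunk:
 * width * total_height * sizeof(TextCell), with no range check.
 * A zero width yields a zero-byte request; large values overflow int. */
static size_t cells_bytes_unchecked(int width, int total_height)
{
    return (size_t)(width * total_height) * sizeof(TextCell);
}

/* Row base index used by the hunk's loop: c = &cells[y * s->width].
 * With width 0 every row maps to index 0, so all rows alias one cell. */
static size_t row_base_index(int width, int y)
{
    return (size_t)y * (size_t)width;
}

/* Whether a store of one TextCell at (x, y) stays inside a buffer holding
 * width * height cells. Returns 1 if in bounds, else 0. This is the check
 * the original code never performs before writing. */
static int cell_write_in_bounds(int width, int height, int x, int y)
{
    if (width <= 0 || height <= 0 || x < 0 || y < 0)
        return 0;
    return x < width && y < height;
}

/* Hardened sizing: reject zero or negative geometry and any product that
 * would not fit in size_t. Returns 0 and sets *out on success, -1 on
 * rejection, so callers never hand a zero-byte request to the allocator. */
static int cells_bytes_checked(int width, int total_height, size_t *out)
{
    if (width <= 0 || total_height <= 0)
        return -1;
    size_t w = (size_t)width, h = (size_t)total_height;
    if (w > SIZE_MAX / h)
        return -1;
    size_t n = w * h;
    if (n > SIZE_MAX / sizeof(TextCell))
        return -1;
    *out = n * sizeof(TextCell);
    return 0;
}

/* Allocate the cell buffer through the checked path; NULL on bad geometry. */
static TextCell *alloc_cells(int width, int total_height)
{
    size_t bytes;
    if (cells_bytes_checked(width, total_height, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    size_t bytes;
    printf("width 0, 25 rows: unchecked request = %zu bytes\n",
           cells_bytes_unchecked(0, 25));
    printf("store at (0,0) with width 0 in bounds? %d\n",
           cell_write_in_bounds(0, 25, 0, 0));
    printf("row 24 base index with width 0: %zu\n", row_base_index(0, 24));
    printf("checked sizing for width 0: %s\n",
           cells_bytes_checked(0, 25, &bytes) == 0 ? "accepted" : "rejected");
    TextCell *cells = alloc_cells(80, 25);
    if (cells) {
        printf("80x25 buffer allocated: %zu bytes\n",
               (size_t)80 * 25 * sizeof(TextCell));
        free(cells);
    }
    return 0;
}
```

The unchecked function returns 0 for a zero width exactly as the pre-patch qemu_malloc line would, and cell_write_in_bounds reports the (0,0) store as out of bounds for that geometry, which is the heap write mcheck flagged. The checked function refuses the geometry up front, which is the alternative to the patch's extra cell.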