From: Peter Maydell <peter.maydell@linaro.org>
To: marcandre.lureau@redhat.com
Cc: qemu-devel@nongnu.org, richard.henderson@linaro.org,
	 "Michael S. Tsirkin" <mst@redhat.com>,
	Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [PULL 22/33] virtio-gpu/win32: allocate shareable 2d resources/images
Date: Mon, 3 Jul 2023 15:11:02 +0100
Message-ID: <CAFEAcA971KtrQ-0zrc8HcQUKeOvYFOCFcvveh9FKE9t5CThL_g@mail.gmail.com>
In-Reply-To: <20230627130231.1614896-23-marcandre.lureau@redhat.com>

On Tue, 27 Jun 2023 at 14:07, <marcandre.lureau@redhat.com> wrote:
>
> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Allocate pixman bits for scanouts with qemu_win32_map_alloc() so we can
> set a shareable handle on the associated display surface.
>
> Note: when bits are provided to pixman_image_create_bits(), you must also give
> the rowstride (the argument is ignored when bits is NULL)
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-Id: <20230606115658.677673-11-marcandre.lureau@redhat.com>

Hi; Coverity notes (CID 1516557) that this introduces
a possible division-by-zero (different from the one
Alex's fuzzer found):

> @@ -1252,15 +1281,23 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size,
>              g_free(res);
>              return -EINVAL;
>          }
> +
> +        res->hostmem = calc_image_hostmem(pformat, res->width, res->height);
> +#ifdef WIN32
> +        bits = qemu_win32_map_alloc(res->hostmem, &res->handle, &error_warn);
> +        if (!bits) {
> +            g_free(res);
> +            return -EINVAL;
> +        }
> +#endif
>          res->image = pixman_image_create_bits(pformat,
>                                                res->width, res->height,
> -                                              NULL, 0);
> +                                              bits, res->hostmem / res->height);
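Review bot: the new `res->hostmem / res->height` divides by a value taken from the migration stream with no validation visible in this hunk, so a zero height faults here, and because the division sits outside the `#ifdef WIN32` block it is reachable on every host, not only Windows. Reject `res->width == 0 || res->height == 0` (returning -EINVAL via the same `g_free(res)` early-exit pattern already used above) before `calc_image_hostmem()` runs, or derive the stride from width and format directly so no division by a stream-controlled value is needed.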

In this function we've just pulled res->height out of the
incoming migration stream, and we haven't done any sanity
checking on it. So it might be 0, in which case this division
will divide by zero and fall over.

thanks
-- PMM
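As an added, stand-alone example (not QEMU code and not from this thread), the kind of sanity check the reply asks for: validate width, height and bytes-per-pixel read from an untrusted migration stream before any size arithmetic, and derive the row stride by multiplication so there is no division by a peer-controlled value at all. The limits, the `image_dims` type and `validate_image_dims()` are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <errno.h>

/* Hypothetical limits for a 2D resource; not QEMU's real bounds. */
#define MAX_DIM      16384u
#define MAX_HOSTMEM  (512u * 1024u * 1024u)   /* 512 MiB */

/* Dimensions accepted from the stream, plus the sizes derived from them. */
typedef struct {
    uint32_t width, height;
    uint32_t bpp;          /* bytes per pixel of the pixel format */
    uint32_t stride;       /* bytes per row, computed without division */
    uint64_t hostmem;      /* stride * height, computed only if valid */
} image_dims;

/*
 * Validate width/height/bpp as read from an untrusted source and derive the
 * stride and host memory size. Returns 0 on success, -EINVAL on rejection.
 */
int validate_image_dims(uint32_t width, uint32_t height, uint32_t bpp,
                        image_dims *out)
{
    /* A zero dimension is exactly what makes hostmem / height divide by zero. */
    if (width == 0 || height == 0 || bpp == 0 || bpp > 16) {
        return -EINVAL;
    }
    if (width > MAX_DIM || height > MAX_DIM) {
        return -EINVAL;
    }
    /* 64-bit products: the bound check must see the true value, not a wrapped one. */
    uint64_t stride = (uint64_t)width * bpp;
    uint64_t hostmem = stride * height;
    if (hostmem > MAX_HOSTMEM) {
        return -EINVAL;
    }
    out->width = width;
    out->height = height;
    out->bpp = bpp;
    out->stride = (uint32_t)stride;
    out->hostmem = hostmem;
    return 0;
}
```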

