Date: Sun, 30 Apr 2006 20:06:08 -0700
From: "Ed Swierk"
Sender: eswierk@gmail.com
Subject: [Qemu-devel] [PATCH] Fix -nographic heap corruption
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_8880_6971819.1146452768107"

------=_Part_8880_6971819.1146452768107
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Disposition: inline

A bug in console.c causes heap corruption when qemu is started without
a graphical console (-nographic). In this case, the console height and
width are both 0, resulting in allocation of a zero-length cells
array.

Heap corruption is caused by code that assumes the cells array always
has at least one element. The attached patch avoids this problem
simply by making the cells array one byte larger than necessary, i.e.
length 1 in the -nographic case.

--Ed

------=_Part_8880_6971819.1146452768107
Content-Type: text/x-patch; name=qemu-zero-width-console.patch; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="qemu-zero-width-console.patch"

diff -burN qemu-snapshot-2006-03-27_23.orig/console.c qemu-snapshot-2006-03-27_23/console.c --- qemu-snapshot-2006-03-27_23.orig/console.c 2006-03-11 07:35:30.000000000 -0800 +++ qemu-snapshot-2006-03-27_23/console.c 2006-04-06 00:25:41.000000000 -0700 
@@ -407,7 +407,8 @@ if (s->width < w1) w1 = s->width; - cells = qemu_malloc(s->width * s->total_height * sizeof(TextCell)); + cells = qemu_malloc((s->width * s->total_height + 1) * sizeof(TextCell)); + /* Add one extra in case s->width is 0, so we can still store one character. */ for(y = 0; y < s->total_height; y++) { c = &cells[y * s->width]; if (w1 > 0) { ------=_Part_8880_6971819.1146452768107--
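
Review bot: the "+ 1" on the qemu_malloc line hides the zero-size case instead of handling it. The code that needs "at least one element" is not in this hunk, so nothing here shows that a single spare TextCell is enough for every path that indexes cells when s->width or s->total_height is 0. I would rather see an explicit check for the empty console (skip the copy, or reject the write where it happens) than a padded buffer. Two smaller points: the comment belongs above the allocation it explains and should mention s->total_height as well as s->width, and the description says "one byte larger" while the code adds sizeof(TextCell) bytes.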
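
The failure mode described in the message (a 0x0 console whose cell array has no elements, written to by code that assumes one exists) can also be handled by treating the empty grid as valid and bounds-checking every write. The sketch below is an added example, not code from QEMU or from the patch author; `Cell`, `Grid`, `grid_init`, `grid_put` and `grid_free` are hypothetical names, and the cell layout is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a console cell; the fields are assumptions. */
typedef struct { uint8_t ch; uint8_t attr; } Cell;

typedef struct {
    int width, height;  /* both 0 when there is no graphical console */
    size_t ncells;      /* number of usable cells, may be 0 */
    Cell *cells;        /* NULL when ncells == 0 */
} Grid;

/* Allocate width*height cells. Rejects negative sizes and size_t overflow.
 * A grid with a zero dimension is valid and owns no storage. */
int grid_init(Grid *g, int width, int height)
{
    memset(g, 0, sizeof(*g));
    if (width < 0 || height < 0)
        return -1;
    size_t w = (size_t)width, h = (size_t)height;
    if (w != 0 && h > SIZE_MAX / sizeof(Cell) / w)
        return -1;                      /* w * h * sizeof(Cell) would wrap */
    g->width = width;
    g->height = height;
    g->ncells = w * h;
    if (g->ncells == 0)
        return 0;                       /* empty console: nothing to allocate */
    g->cells = calloc(g->ncells, sizeof(Cell));
    return g->cells ? 0 : -1;
}

/* Bounds-checked write. Returns -1 for any position outside the grid,
 * which is every position when the grid is empty. */
int grid_put(Grid *g, int x, int y, uint8_t ch)
{
    if (x < 0 || y < 0 || x >= g->width || y >= g->height)
        return -1;
    g->cells[(size_t)y * (size_t)g->width + (size_t)x].ch = ch;
    return 0;
}

void grid_free(Grid *g)
{
    free(g->cells);
    memset(g, 0, sizeof(*g));
}
```
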