vnc: fix overflow in vnc_update_stats

Message ID 1485248428-575-1-git-send-email-kraxel@redhat.com (mailing list archive)
State New, archived

Commit Message

Gerd Hoffmann Jan. 24, 2017, 9 a.m. UTC
Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
incomplete.  vnc_update_stats must calculate width and height the same
way vnc_refresh_server_surface does it, to make sure we don't use width
and height values larger than the qemu vnc server can handle.

Commit "e22492d ui/vnc: disable adaptive update calculations if not
needed" masks the issue in the default configuration.  It triggers only
in case the "lossy" option is set to "on" (default is "off").

Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/vnc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Marc-André Lureau Jan. 24, 2017, 9:09 a.m. UTC | #1
Hi

----- Original Message -----
> Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
> incomplete.  vnc_update_stats must calculate width and height the same
> way vnc_refresh_server_surface does it, to make sure we don't use width
> and height values larger than the qemu vnc server can handle.
> 
> Commit "e22492d ui/vnc: disable adaptive update calculations if not
> needed" masks the issue in the default configuration.  It triggers only
> in case the "lossy" option is set to "on" (default is "off").
> 
> Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

> ---
>  ui/vnc.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 29aa9c4..e7c029d 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2756,8 +2756,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int
> x, int y)
>  
>  static int vnc_update_stats(VncDisplay *vd,  struct timeval * tv)
>  {
> -    int width = pixman_image_get_width(vd->guest.fb);
> -    int height = pixman_image_get_height(vd->guest.fb);
> +    int width = MIN(pixman_image_get_width(vd->guest.fb),
> +                    pixman_image_get_width(vd->server));
> +    int height = MIN(pixman_image_get_height(vd->guest.fb),
> +                     pixman_image_get_height(vd->server));
>      int x, y;
>      struct timeval res;
>      int has_dirty = 0;
> --
> 1.8.3.1
> 
>
Patch

diff --git a/ui/vnc.c b/ui/vnc.c
index 29aa9c4..e7c029d 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2756,8 +2756,10 @@  static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
 
 static int vnc_update_stats(VncDisplay *vd,  struct timeval * tv)
 {
-    int width = pixman_image_get_width(vd->guest.fb);
-    int height = pixman_image_get_height(vd->guest.fb);
+    int width = MIN(pixman_image_get_width(vd->guest.fb),
+                    pixman_image_get_width(vd->server));
+    int height = MIN(pixman_image_get_height(vd->guest.fb),
+                     pixman_image_get_height(vd->server));
     int x, y;
     struct timeval res;
     int has_dirty = 0;
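Review bot: the width/height clamp in vnc_update_stats is now a second open-coded copy of the calculation the commit message says vnc_refresh_server_surface already performs. Consider factoring the two MIN() expressions into one small helper used by both functions, so that a future change to how the usable area is derived cannot update one site and miss the other, which is the situation the commit message describes for bea60dd.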