[4/4] ui/console: sanitize search in qemu_graphic_console_is_multihead()

Message ID 20230913144959.41891-5-lersek@redhat.com (mailing list archive)
State New, archived
Series ui/console: multihead: fix crash, simplify logic

Commit Message

Laszlo Ersek Sept. 13, 2023, 2:49 p.m. UTC
qemu_graphic_console_is_multihead() declares the graphical console "c" a
"multihead" console if there are two different graphical consoles in the
system that (a) both reference "c->device", and (b) have different
"c->head" numbers. In effect, if at least two graphical consoles exist
that are different heads of the same device that underlies "c". In fact,
"c" may be one of these two graphical consoles, or "c" may differ from
both of those consoles (in case "c->device" has at least three heads).

The loop currently uses this awkward "two different consoles" approach
because the function used not to have access to "c", only to "c->device",
which didn't allow for fetching (and comparing) "c->head". But, we've
changed that in the last patch; we now pass all of "c" to
qemu_graphic_console_is_multihead().

Thus, look for the *first* (and possibly *only*) graphical console, if
any, that refers to the same "device" as "c", but by a different "head"
number.

Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com> (odd fixer:Graphics)
Cc: Gerd Hoffmann <kraxel@redhat.com> (odd fixer:Graphics)
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---

Notes:
    context:-U4

 ui/console.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
Patch

diff --git a/ui/console.c b/ui/console.c
index 6424820c8521..9ce3c1248c7c 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -2367,10 +2367,8 @@  bool qemu_console_is_gl_blocked(QemuConsole *con)
 
 static bool qemu_graphic_console_is_multihead(QemuGraphicConsole *c)
 {
     QemuConsole *con;
-    uint32_t f = 0xffffffff;
-    uint32_t h;
 
     QTAILQ_FOREACH(con, &consoles, next) {
         QemuGraphicConsole *candidate;
 
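Review bot: qemu_graphic_console_is_multihead() still has no comment above its definition saying what it returns, and with "f" and "h" removed the meaning rests entirely on how the loop compares candidates against "c". A short comment before the function, stating that it returns true when another graphical console shares c->device but has a different head number, would spare readers from reconstructing that from the loop body.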
@@ -2382,12 +2380,9 @@  static bool qemu_graphic_console_is_multihead(QemuGraphicConsole *c)
         if (candidate->device != c->device) {
             continue;
         }
 
-        h = candidate->head;
-        if (f == 0xffffffff) {
-            f = h;
-        } else if (h != f) {
+        if (candidate->head != c->head) {
             return true;
         }
     }
     return false;
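Review bot: The new test `candidate->head != c->head` gives the same result as the old two-console search only when "c" itself is on the `consoles` list. If "c" were not on it, a single listed console on the same device with a different head would now return true where the old loop returned false. Please either say in the commit message that "c" is always registered by the time this runs, or assert it. As a side note worth recording in the message: removing the 0xffffffff sentinel also removes the old corner case where a head number equal to the sentinel was treated as "nothing seen yet" and never compared.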