Message ID | 1300696478-6051-5-git-send-email-corentin.chary@gmail.com |
---|---|
State | New |
Headers | show |
On Mon, Mar 21, 2011 at 09:34:38AM +0100, Corentin Chary wrote: > From: Stefan Weil <weil@mail.berlios.de> > > This fixes memory reads and writes which exceeded the upper limit > of allocated memory vd->guest.ds->data and vd->server->data. > > Cc: Anthony Liguori <aliguori@us.ibm.com> > Signed-off-by: Stefan Weil <weil@mail.berlios.de> > Signed-off-by: Corentin Chary <corentin.chary@gmail.com> > --- > ui/vnc.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/ui/vnc.c b/ui/vnc.c > index 90b6384..3138053 100644 > --- a/ui/vnc.c > +++ b/ui/vnc.c > @@ -2414,6 +2414,9 @@ static int vnc_refresh_server_surface(VncDisplay *vd) > * Update server dirty map. > */ > cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); > + if (cmp_bytes > vd->ds->surface->linesize) { > + cmp_bytes = vd->ds->surface->linesize; > + } What about using ds_get_linesize(vd->ds) instead? > guest_row = vd->guest.ds->data; > server_row = vd->server->data; > for (y = 0; y < vd->guest.ds->height; y++) { > -- > 1.7.3.4 > > >
Am 10.04.2011 00:17, schrieb Aurelien Jarno: > On Mon, Mar 21, 2011 at 09:34:38AM +0100, Corentin Chary wrote: >> From: Stefan Weil <weil@mail.berlios.de> >> >> This fixes memory reads and writes which exceeded the upper limit >> of allocated memory vd->guest.ds->data and vd->server->data. >> >> Cc: Anthony Liguori <aliguori@us.ibm.com> >> Signed-off-by: Stefan Weil <weil@mail.berlios.de> >> Signed-off-by: Corentin Chary <corentin.chary@gmail.com> >> --- >> ui/vnc.c | 3 +++ >> 1 files changed, 3 insertions(+), 0 deletions(-) >> >> diff --git a/ui/vnc.c b/ui/vnc.c >> index 90b6384..3138053 100644 >> --- a/ui/vnc.c >> +++ b/ui/vnc.c >> @@ -2414,6 +2414,9 @@ static int >> vnc_refresh_server_surface(VncDisplay *vd) >> * Update server dirty map. >> */ >> cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); >> + if (cmp_bytes > vd->ds->surface->linesize) { >> + cmp_bytes = vd->ds->surface->linesize; >> + } > > What about using ds_get_linesize(vd->ds) instead? Yes, that's better. Please either change the two lines, or wait until I have sent a new version of the patch. The patch should be applied to stable, too. Thanks, Stefan
diff --git a/ui/vnc.c b/ui/vnc.c index 90b6384..3138053 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2414,6 +2414,9 @@ static int vnc_refresh_server_surface(VncDisplay *vd) * Update server dirty map. */ cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); + if (cmp_bytes > vd->ds->surface->linesize) { + cmp_bytes = vd->ds->surface->linesize; + } guest_row = vd->guest.ds->data; server_row = vd->server->data; for (y = 0; y < vd->guest.ds->height; y++) {