From patchwork Thu Nov 1 20:06:32 2012
X-Patchwork-Submitter: Gerhard Wiesinger
X-Patchwork-Id: 196377
Date: Thu, 1 Nov 2012 21:06:32 +0100 (CET)
From: Gerhard Wiesinger
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH] ui/vnc.c: Fix crash with VNC

Fix crash with VNC under NT 4.0 and VMWare VGA and window which is outside of the visible area.

Backtrace:
#0 set_bit (addr=, nr=-3) at ./bitops.h:122
#1 vnc_dpy_update (ds=, x=-48, y=145, w=57, h=161) at ui/vnc.c:452
#2 0x00007f1ce057e2ec in dpy_update (s=0x7f1ce1c8c880, h=16, w=66, y=145, x=-57) at ./console.h:242
#3 vmsvga_update_rect (h=16, w=66, y=145, x=-57, s=0x7f1ce1cb3dd0) at hw/vmware_vga.c:324
#4 vmsvga_update_rect_flush (s=0x7f1ce1cb3dd0) at hw/vmware_vga.c:357
#5 vmsvga_update_display (opaque=0x7f1ce1cb3dd0) at hw/vmware_vga.c:960
#6 0x00007f1ce05f0b37 in vnc_refresh (opaque=0x7f1cd8526010) at ui/vnc.c:2590
#7 0x00007f1ce05c002b in qemu_run_timers (clock=0x7f1ce1c4f910) at qemu-timer.c:392
#8 qemu_run_timers (clock=0x7f1ce1c4f910) at qemu-timer.c:373
#9 0x00007f1ce05c028d in qemu_run_all_timers () at qemu-timer.c:449
#10 0x00007f1ce058f2ee in main_loop_wait (nonblocking=) at main-loop.c:502
#11 0x00007f1ce047acb3 in main_loop () at vl.c:1655
#12 main (argc=, argv=, envp=) at vl.c:3826

Signed-off-by: Gerhard Wiesinger
--- ui/vnc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ui/vnc.c b/ui/vnc.c index 7c120e6..ae6d819 100644 --- a/ui/vnc.c +++ b/ui/vnc.c 
@@ -453,6 +453,11 @@ static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h) w = MIN(x + w, width) - x; h = MIN(h, height); + x = MAX(x, 0); + y = MAX(y, 0); + w = MAX(w, 0); + h = MAX(h, 0); + for (; y < h; y++) for (i = 0; i < w; i += 16) set_bit((x + i) / 16, s->dirty[y]);
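
Review bot: the new `x = MAX(x, 0);` runs after `w = MIN(x + w, width) - x;` has already consumed the negative x, so w is still measured from the old off-screen origin. With the backtrace values (x=-48, w=57) the MIN leaves w at 57, and once x is clamped to 0 the loop marks 57 columns from the left edge instead of the 9 that are actually visible. For an x further off-screen, w can exceed width after the clamp, so `set_bit((x + i) / 16, s->dirty[y])` can then index past the bits that correspond to width, trading the negative index in frame #0 for a too-large one. Clip before computing w and shrink w by the clipped amount (if x is negative, add x to w and then set x to 0), then apply the existing MIN against width. The same ordering question applies to y and h: the loop `for (; y < h; y++)` treats h as an end row, so clamping y alone is enough only if h was already converted to an end coordinate above this hunk, which is worth confirming. A one-line comment noting that these coordinates arrive from the guest display device (vmsvga_update_rect in the backtrace) would document why they have to be treated as untrusted here.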