[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] segfault in memcmp
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [Qemu-devel] segfault in memcmp |
|
Date: |
Mon, 08 Jun 2015 13:36:28 +0200 |
On Mo, 2015-06-08 at 10:31 +0100, Stefan Hajnoczi wrote:
> On Fri, Jun 05, 2015 at 05:19:53PM -0500, perrier vincent wrote:
> > Using a very old guest (lenny) with spice and vga=cirrus, I have
> > a segfault:
Hmm, doesn't reproduce on master (booting i386 lenny install iso).
Which qemu version is this?
> > FILE: ui/spice-display.c
> > FUNCTION: qemu_spice_create_update
> > LINE: if (memcmp(guest + yoff + xoff,
> > mirror + yoff + xoff,
> > bw * bpp) == 0)
> >
> > The address of mirror + yoff + xoff is out of boundaries.
> >
> > I use the following to avoid the crash:
> >
> > ...
> > img_get_stride = pixman_image_get_stride(ssd->mirror);
> > img_height = pixman_image_get_height(ssd->mirror);
> > img_max = img_height * img_get_stride;
> > ...
> > if (yoff > img_max)
> > {
> > if (dirty_top[blk] == -1)
> > dirty_top[blk] = y;
> > }
I'm wondering how you end up with yoff being ouf of boundaries in the
first place ...
cheers,
Gerd