[Qemu-devel] [Bug 1326533] [NEW] SDL2 UI sends a NULL to sdl_grab

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [Bug 1326533] [NEW] SDL2 UI sends a NULL to sdl_grab_start

From:	Brandon Schaefer
Subject:	[Qemu-devel] [Bug 1326533] [NEW] SDL2 UI sends a NULL to sdl_grab_start if fullscreen, which crashes
Date:	Wed, 04 Jun 2014 21:03:16 -0000

Public bug reported:

in ui/sdl2.c:

    if (full_screen) {
        gui_fullscreen = 1;
        sdl_grab_start(0);
    }

Is sent, but no null checks are made in sdl_grab_start (its assumed to
be an allocated pointer). So a crash happens if you start qemu -full-
screen.

It should at lease send the first [0] of the newly allocated
sdl2_console through.

Quickly looking around should look something like:

    if (full_screen) {
        gui_fullscreen = 1;
        sdl_grab_start(&sdl2_console[0]);
    }

Or possibly put into the loop where the sdl2_console is created

** Affects: qemu
     Importance: Undecided
         Status: New

** Description changed:

  in ui/sdl2.c:
  
-     if (full_screen) {
-         gui_fullscreen = 1;
-         sdl_grab_start(0);
-     }
+     if (full_screen) {
+         gui_fullscreen = 1;
+         sdl_grab_start(0);
+     }
  
  Is sent, but no null checks are made in sdl_grab_start (its assumed to
  be an allocated pointer). So a crash happens if you start qemu -full-
  screen.
  
  It should at lease send the first [0] of the newly allocated
  sdl2_console through.
  
  Quickly looking around should look something like:
  
-     if (full_screen) {
-         gui_fullscreen = 1;
-         sdl_grab_start(&sdl2_console[0]);
-     }
+     if (full_screen) {
+         gui_fullscreen = 1;
+         sdl_grab_start(&sdl2_console[0]);
+     }
+ 
+ Or possibly put into the loop where the sdl2_console is created

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1326533

Title:
  SDL2 UI sends a NULL to sdl_grab_start if fullscreen, which crashes

Status in QEMU:
  New

Bug description:
  in ui/sdl2.c:

      if (full_screen) {
          gui_fullscreen = 1;
          sdl_grab_start(0);
      }

  Is sent, but no null checks are made in sdl_grab_start (its assumed to
  be an allocated pointer). So a crash happens if you start qemu -full-
  screen.

  It should at lease send the first [0] of the newly allocated
  sdl2_console through.

  Quickly looking around should look something like:

      if (full_screen) {
          gui_fullscreen = 1;
          sdl_grab_start(&sdl2_console[0]);
      }

  Or possibly put into the loop where the sdl2_console is created

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1326533/+subscriptions

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PULL 0/4] tcg patch queue, Richard Henderson, 2014/06/04
- [Qemu-devel] [PULL 1/4] tcg-i386: Fix win64 qemu store, Richard Henderson, 2014/06/04
- [Qemu-devel] [PULL 2/4] tci: Convert to new ldst opcodes, Richard Henderson, 2014/06/04
- [Qemu-devel] [PULL 3/4] tcg: Remove TCG_TARGET_HAS_new_ldst, Richard Henderson, 2014/06/04
- [Qemu-devel] [PULL 4/4] TCG: Fix tcg_gen_extr_i64_tl for 32bit, Richard Henderson, 2014/06/04

Prev by Date: [Qemu-devel] [PATCH 2/2] PPC: e500: Merge 32 and 64 bit SPE emulation
Next by Date: Re: [Qemu-devel] [PATCH 1/2] TCG: Fix tcg_gen_extr_i64_tl for 32bit
Previous by thread: [Qemu-devel] [PATCH 1/2] TCG: Fix tcg_gen_extr_i64_tl for 32bit
Next by thread: [Qemu-devel] [PULL 1/4] tcg-i386: Fix win64 qemu store
Index(es):
- Date
- Thread