[Qemu-devel] segfault in memcmp

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] segfault in memcmp

From:	perrier vincent
Subject:	[Qemu-devel] segfault in memcmp
Date:	Fri, 5 Jun 2015 17:19:53 -0500
User-agent:	SquirrelMail/1.5.2 [SVN]

Using a very old guest (lenny) with spice and vga=cirrus, I have
a segfault:

FILE:      ui/spice-display.c
FUNCTION:  qemu_spice_create_update
LINE:      if (memcmp(guest + yoff + xoff,
                       mirror + yoff + xoff,
                       bw * bpp) == 0)

The address of mirror + yoff + xoff is out of boundaries.

I use the following to avoid the crash:

...
  img_get_stride = pixman_image_get_stride(ssd->mirror);
  img_height = pixman_image_get_height(ssd->mirror);
  img_max = img_height * img_get_stride;
...
  if (yoff > img_max)
    {
    if (dirty_top[blk] == -1)
      dirty_top[blk] = y;
    }
  else if (memcmp(guest + yoff + xoff,
                  mirror + yoff + xoff,
                  bw * bpp) == 0)
    {
...

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] segfault in memcmp, perrier vincent <=
- Re: [Qemu-devel] segfault in memcmp, Stefan Hajnoczi, 2015/06/08
  - Re: [Qemu-devel] segfault in memcmp, Gerd Hoffmann, 2015/06/08

Prev by Date: [Qemu-devel] segfault caused by graphic
Next by Date: Re: [Qemu-devel] [PATCH 1/5] hw/arm/pxa2xx: Mark coprocessor registers as ARM_CP_IO
Previous by thread: [Qemu-devel] segfault caused by graphic
Next by thread: Re: [Qemu-devel] segfault in memcmp
Index(es):
- Date
- Thread