Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV
From: Marc-André Lureau
Subject: Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV
Date: Fri, 02 Sep 2016 08:38:48 +0000
Hi
On Fri, Sep 2, 2016 at 8:00 AM Gonglei <address@hidden> wrote:
> The backtrace is:
>
> 0x00007f0b75cdf880 in pixman_image_get_stride () from
> /lib64/libpixman-1.so.0
> 0x00007f0b77bcb3cf in vnc_server_fb_stride (vd=0x7f0b7a1a2bb0) at
> ui/vnc.c:680
> vnc_dpy_copy (dcl=0x7f0b7a1a2c00, src_x=224, src_y=263, dst_x=319,
> dst_y=363, w=1, h=1) at ui/vnc.c:915
> 0x00007f0b77bbcc35 in dpy_gfx_copy (con=0x7f0b7a146210, address@hidden,
> address@hidden, address@hidden,
> address@hidden, w=1, h=1) at ui/console.c:1575
> 0x00007f0b77bbda4e in qemu_console_copy (con=<optimized out>,
> address@hidden, address@hidden, address@hidden,
> address@hidden, w=<optimized out>, h=<optimized out>) at
> ui/console.c:2111
> 0x00007f0b77ac0980 in cirrus_do_copy (h=<optimized out>, w=<optimized
> out>, src=<optimized out>, dst=<optimized out>, s=0x7f0b7b086090) at
> hw/display/cirrus_vga.c:774
> cirrus_bitblt_videotovideo_copy (s=0x7f0b7b086090) at
> hw/display/cirrus_vga.c:793
> cirrus_bitblt_videotovideo (s=0x7f0b7b086090) at
> hw/display/cirrus_vga.c:915
> cirrus_bitblt_start (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:1056
> 0x00007f0b77965cfb in memory_region_write_accessor (mr=0x7f0b7b096e40,
> addr=320, value=<optimized out>, size=1, shift=<optimized
> out>,mask=<optimized out>, attrs=...) at
> /root/rpmbuild/BUILD/master/qemu/memory.c:525
> 0x00007f0b77963f59 in access_with_adjusted_size (address@hidden,
> address@hidden, address@hidden,
> access_size_min=<optimized out>, access_size_max=<optimized out>,
> address@hidden <memory_region_write_accessor>,
> address@hidden, address@hidden) at
> /root/rpmbuild/BUILD/master/qemu/memory.c:591
> 0x00007f0b77968315 in memory_region_dispatch_write (address@hidden,
> address@hidden, data=18446744073709551362,
> address@hidden, address@hidden) at
> /root/rpmbuild/BUILD/master/qemu/memory.c:1262
> 0x00007f0b779256a9 in address_space_write_continue (mr=0x7f0b7b096e40,
> l=4, addr1=320, len=4, buf=0x7f0b77713028 "\002\377\377\377",
> attrs=..., addr=4273930560, as=0x7f0b7827d280 <address_space_memory>) at
> /root/rpmbuild/BUILD/master/qemu/exec.c:2544
> address_space_write (as=<optimized out>, addr=<optimized out>, attrs=...,
> buf=<optimized out>, len=<optimized out>) at
> /root/rpmbuild/BUILD/master/qemu/exec.c:2601
> 0x00007f0b77925c1d in address_space_rw (as=<optimized out>,
> addr=<optimized out>, attrs=..., address@hidden,
> address@hidden "\002\377\377\377", len=<optimized out>,
> is_write=<optimized out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2703
> 0x00007f0b77962f53 in kvm_cpu_exec (address@hidden) at
> /root/rpmbuild/BUILD/master/qemu/kvm-all.c:1965
> 0x00007f0b77950cc6 in qemu_kvm_cpu_thread_fn (arg=0x7f0b79fcc2d0) at
> /root/rpmbuild/BUILD/master/qemu/cpus.c:1078
> 0x00007f0b744b3dc5 in start_thread (arg=0x7f0b69a27700) at
> pthread_create.c:308
> 0x00007f0b70d3d66d in clone () from /lib64/libc.so.6
>
> The code path while meeting segfault:
> vnc_dpy_copy
> vnc_update_client
> vnc_disconnect_finish [while vnc_disconnect_start() is invoked
> because something's wrong]
> vnc_update_server_surface
> vd->server = NULL;
> vnc_server_fb_stride
> pixman_image_get_stride(vd->server)
>
> Let's add a non-NULL check before calling vnc_server_fb_stride() to avoid
> segmentation fault.
>
Reviewed-by: Marc-André Lureau <address@hidden>
(It would be great if you had a reproducer)
It looks like this is not a regression from 2.7, perhaps it should be
postponed?
> Cc: Gerd Hoffmann <address@hidden>
> Cc: Daniel P. Berrange <address@hidden>
> Reported-by: Yanying Zhuang <address@hidden>
> Signed-off-by: Gonglei <address@hidden>
> ---
> ui/vnc.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index d1087c9..76a3273 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -911,6 +911,10 @@ static void vnc_dpy_copy(DisplayChangeListener *dcl,
> }
> }
>
> + if (!vd->server) {
> + /* no client connected */
> + return;
> + }
> /* do bitblit op on the local surface too */
> pitch = vnc_server_fb_stride(vd);
> src_row = vnc_server_fb_ptr(vd, src_x, src_y);
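Review bot: the comment on the new early return, `/* no client connected */`, states the condition but not why it can be true in the middle of a display-copy callback, which is the whole point of the fix: according to the commit message, vd->server is set to NULL by vnc_update_server_surface() when vnc_update_client(), called from the client loop just above this hunk, fails and runs vnc_disconnect_finish(). Suggest saying that in the comment (e.g. `/* last client disconnected inside vnc_update_client(); server surface is gone */`) so the next reader does not move the check above the loop, where it would miss the case it was written for. Also worth confirming in the commit message that everything after the local bitblit in vnc_dpy_copy() is safe to skip when the surface is gone, since the return bails out of the rest of the function, not just the stride/pointer calls.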
> --
> 1.7.12.4

--
Marc-André Lureau
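The crash path in the commit message (a display callback walks its client list, a failing client update disconnects that client, disconnecting the last client frees the shared server surface, and the caller then dereferences it) is easy to reproduce in miniature. The following is an added example written for this page, not QEMU's ui/vnc.c: Display, Client, Surface, update_client, disconnect_finish and dpy_copy are hypothetical stand-ins modelled on the names in the backtrace, and the two scenario functions use constructed input. It shows the patched shape of vnc_dpy_copy(), with the NULL guard placed after the loop that can tear the surface down.

```c
/* Added example, not QEMU code: models the crash path from the patch with
 * hypothetical stand-ins (Display, Client, Surface, update_client, ...). */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef struct Surface { int width, height, bpp; uint8_t *data; } Surface;
typedef struct Client { struct Client *next; bool fails_on_update; } Client;
typedef struct Display {
    Surface *server;        /* shared server-side framebuffer; NULL with no clients */
    Client *clients;
    int copies_skipped;
} Display;

static int fb_stride(const Surface *s) { return s->width * s->bpp; }

static uint8_t *fb_ptr(Surface *s, int x, int y) {
    return s->data + (size_t)y * fb_stride(s) + (size_t)x * s->bpp;
}

static Surface *surface_new(int w, int h, int bpp) {
    Surface *s = calloc(1, sizeof *s);
    s->width = w; s->height = h; s->bpp = bpp;
    s->data = calloc((size_t)w * h * bpp, 1);
    return s;
}

/* Like vnc_update_server_surface(): the surface lives only while a client is connected. */
static void update_server_surface(Display *vd) {
    if (!vd->clients && vd->server) {
        free(vd->server->data);
        free(vd->server);
        vd->server = NULL;
    }
}

/* Like vnc_disconnect_finish(): unlink, free, then refresh the surface. */
static void disconnect_finish(Display *vd, Client *vs) {
    Client **pp = &vd->clients;
    while (*pp && *pp != vs) pp = &(*pp)->next;
    if (*pp) *pp = vs->next;
    free(vs);
    update_server_surface(vd);
}

/* Like vnc_update_client(): an I/O error tears the client down right here,
 * inside the caller's loop, and with it possibly the shared surface. */
static void update_client(Display *vd, Client *vs) {
    if (vs->fails_on_update) disconnect_finish(vd, vs);
}

/* Like vnc_dpy_copy() with the patch applied. Returns 1 if the local bitblit
 * ran, 0 if it was skipped because the surface vanished during the loop. */
static int dpy_copy(Display *vd, int src_x, int src_y, int dst_x, int dst_y, int w, int h) {
    for (Client *vs = vd->clients, *next; vs; vs = next) {
        next = vs->next;            /* vs may be freed by update_client() */
        update_client(vd, vs);
    }
    if (!vd->server) {              /* the guard added by the patch */
        vd->copies_skipped++;
        return 0;
    }
    int pitch = fb_stride(vd->server);
    size_t row = (size_t)w * vd->server->bpp;
    uint8_t *src = fb_ptr(vd->server, src_x, src_y);
    uint8_t *dst = fb_ptr(vd->server, dst_x, dst_y);
    if (dst_y > src_y) {            /* overlapping downward move: copy rows bottom-up */
        src += (size_t)(h - 1) * pitch;
        dst += (size_t)(h - 1) * pitch;
        pitch = -pitch;
    }
    for (int i = 0; i < h; i++, src += pitch, dst += pitch) memmove(dst, src, row);
    return 1;
}

/* Constructed scenario: the only client fails inside dpy_copy's update loop.
 * Without the guard, fb_stride(NULL) would be the SIGSEGV from the report. */
static int scenario_last_client_dies(void) {
    Display vd = { .server = surface_new(8, 8, 4) };
    Client *c = calloc(1, sizeof *c);
    c->fails_on_update = true;
    vd.clients = c;
    int ran = dpy_copy(&vd, 0, 0, 1, 1, 1, 1);
    return ran == 0 && vd.server == NULL && vd.copies_skipped == 1;
}

/* Constructed scenario: healthy client, so the copy must really move pixels,
 * and the surface is only released once that client disconnects. */
static int scenario_copy_runs(void) {
    Display vd = { .server = surface_new(8, 8, 4) };
    Client *c = calloc(1, sizeof *c);
    vd.clients = c;
    memcpy(fb_ptr(vd.server, 2, 3), "\xAA\xBB\xCC\xDD", 4);
    int ran = dpy_copy(&vd, 2, 3, 5, 6, 1, 1);
    int ok = ran == 1 && memcmp(fb_ptr(vd.server, 5, 6), "\xAA\xBB\xCC\xDD", 4) == 0;
    disconnect_finish(&vd, c);
    return ok && vd.server == NULL;
}
```

The order inside dpy_copy is what matters: the guard is only useful after the loop, because that loop is where a client update can free the surface out from under the caller. The loop also saves `next` before calling update_client(), since the current client may be freed by the time the call returns.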
- [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Gonglei, 2016/09/01
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Marc-André Lureau <=
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Gonglei, 2016/09/02
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Marc-André Lureau, 2016/09/02
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Peter Maydell, 2016/09/02
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Gonglei (Arei), 2016/09/02
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Gonglei (Arei), 2016/09/09
- Re: [Qemu-devel] [PATCH for-2.7] vnc: fix qemu crash because of SIGSEGV, Gerd Hoffmann, 2016/09/09