For a lenny guest, using spice, with option vga=cirrus, I had a segfault in:

file: ui/spice-display.c
function: qemu_spice_create_update(SimpleSpiceDisplay *ssd)

in the call to:

    if (memcmp(guest + yoff + xoff, mirror + yoff + xoff, bw * bpp) == 0)

After printing stuff, I discovered that the mirror address boundaries were not respected by mirror + yoff + xoff.

Here is how I make my version run without a segfault. It is not a correction, since I do not understand the working of the code, but this needs an official correction.

    ...
    img_get_stride = pixman_image_get_stride(ssd->mirror);
    img_height = pixman_image_get_height(ssd->mirror);
    img_max = img_height * img_get_stride;
    ...
    if (yoff > img_max) {
        if (dirty_top[blk] == -1) {
            dirty_top[blk] = y;
        }
    } else if (memcmp(guest + yoff + xoff, mirror + yoff + xoff, bw * bpp) == 0) {
    ...
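The bounds problem reported above, as an added example that is not part of the original post and is not QEMU code: it validates the whole compared span (yoff + xoff + bw * bpp) against the buffer size before calling memcmp, which also covers the case yoff == img_max and reads that start inside the mirror but run past its end. The names span_in_bounds, compare_row, row_state, check and the sample buffers are hypothetical; the assumption is that the mirror size equals height * stride, as img_max is computed in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum row_state { ROW_CLEAN, ROW_DIRTY, ROW_OUT_OF_RANGE };

/* True when [yoff + xoff, yoff + xoff + len) lies inside a buffer of
 * buf_len bytes. Written with subtractions so that no sum can wrap. */
static int span_in_bounds(size_t buf_len, size_t yoff, size_t xoff, size_t len)
{
    if (yoff > buf_len || xoff > buf_len - yoff) return 0;
    return len <= buf_len - yoff - xoff;
}

/* Hypothetical helper, not a QEMU function: compare one block row of the
 * guest surface with the mirror only after both spans are validated. */
static enum row_state compare_row(const uint8_t *guest, size_t guest_len,
                                  const uint8_t *mirror, size_t mirror_len,
                                  size_t yoff, size_t xoff, size_t bw, size_t bpp)
{
    if (bpp == 0 || bw > SIZE_MAX / bpp) return ROW_OUT_OF_RANGE; /* bw * bpp overflows */
    size_t len = bw * bpp;
    if (!span_in_bounds(guest_len, yoff, xoff, len) ||
        !span_in_bounds(mirror_len, yoff, xoff, len)) {
        return ROW_OUT_OF_RANGE;   /* caller decides: resync mirror or mark dirty */
    }
    return memcmp(guest + yoff + xoff, mirror + yoff + xoff, len) == 0
           ? ROW_CLEAN : ROW_DIRTY;
}

/* Constructed sample: 4 rows, 16-byte stride, 4 bytes per pixel; the guest
 * differs from the mirror in one byte of row 1. sizeof mirror_buf plays the
 * role of img_max (height * stride). */
enum { STRIDE = 16, HEIGHT = 4, BPP = 4 };
static uint8_t guest_buf[STRIDE * HEIGHT] = { [20] = 0xff };
static uint8_t mirror_buf[STRIDE * HEIGHT];

static enum row_state check(size_t y, size_t x_px, size_t bw)
{
    return compare_row(guest_buf, sizeof guest_buf, mirror_buf, sizeof mirror_buf,
                       y * STRIDE, x_px * BPP, bw, BPP);
}

int main(void)
{
    printf("row 1: %d, row 4 (yoff == img_max): %d\n", check(1, 0, 4), check(4, 0, 1));
    return 0;
}
```

Returning a distinct ROW_OUT_OF_RANGE instead of folding it into "dirty" lets the caller avoid a later read of the same out-of-range region when the dirty block is copied.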