On Fri, Jun 05, 2015 at 05:19:53PM -0500, perrier vincent wrote:
> Using a very old guest (lenny) with spice and vga=cirrus, I have
> a segfault:
>
> FILE: ui/spice-display.c
> FUNCTION: qemu_spice_create_update
> LINE:         if (memcmp(guest + yoff + xoff,
>                          mirror + yoff + xoff,
>                          bw * bpp) == 0)
>
> The address of mirror + yoff + xoff is out of boundaries.
>
> I use the following to avoid the crash:
>
> ...
> img_get_stride = pixman_image_get_stride(ssd->mirror);
> img_height = pixman_image_get_height(ssd->mirror);
> img_max = img_height * img_get_stride;
> ...
> if (yoff > img_max)
> {
>     if (dirty_top[blk] == -1)
>         dirty_top[blk] = y;
> }
> else if (memcmp(guest + yoff + xoff,
>                 mirror + yoff + xoff,
>                 bw * bpp) == 0)
> {
> ...

Thanks for the report. I have CCed Gerd Hoffmann who maintains the graphics subsystem.
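
Added example, not part of the original thread and not QEMU code: a bounds-checked block compare that validates the whole range memcmp would read (yoff + xoff + length) against both buffers, rather than yoff alone. The helper names, return codes and sample buffers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes: the caller treats BLK_OOB like a dirty block. */
enum { BLK_OOB = -1, BLK_DIFF = 0, BLK_SAME = 1 };

/* True when [yoff + xoff, yoff + xoff + len) lies inside a buffer of
 * buf_len bytes. Uses subtraction so the check itself cannot wrap. */
static int block_in_bounds(size_t buf_len, size_t yoff, size_t xoff, size_t len)
{
    if (yoff > buf_len)
        return 0;
    if (xoff > buf_len - yoff)
        return 0;
    return len <= buf_len - yoff - xoff;
}

/* Compare one block of the guest surface against the mirror copy,
 * refusing to read past the end of either buffer. */
int compare_block(const uint8_t *guest, size_t guest_len,
                  const uint8_t *mirror, size_t mirror_len,
                  size_t yoff, size_t xoff, size_t len)
{
    if (!block_in_bounds(guest_len, yoff, xoff, len) ||
        !block_in_bounds(mirror_len, yoff, xoff, len))
        return BLK_OOB;
    return memcmp(guest + yoff + xoff, mirror + yoff + xoff, len) == 0
               ? BLK_SAME : BLK_DIFF;
}

/* Constructed sample data: a guest surface of 4 rows with a 16-byte stride
 * and a mirror that only holds 2 rows; guest byte 20 differs. */
const uint8_t sample_guest[64] = { [20] = 0xff };
const uint8_t sample_mirror[32] = { 0 };

int main(void)
{
    /* yoff = 16 is below the mirror size (32), yet 16 + 12 + 8 = 36
     * overruns it, so a check on yoff alone would still let memcmp run. */
    printf("%d\n", compare_block(sample_guest, 64, sample_mirror, 32, 16, 12, 8));
    printf("%d\n", compare_block(sample_guest, 64, sample_mirror, 32, 0, 0, 16));
    return 0;
}
```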