[Spice-devel] server/red_worker: seamless: fix invalid memory reference

Submitted by Alon Levy on Aug. 30, 2012, 11:38 a.m.

Details

Message ID 1346326691-18731-1-git-send-email-alevy@redhat.com
State Accepted
Commit 897aaa7be51ab0b44436340cf6beedae03544199

Commit Message

Alon Levy Aug. 30, 2012, 11:38 a.m.
replace add_ref with add for stack allocated SpiceMigrateDataDisplay.

This fixes wrong MIGRATE_DATA message in display channel (symptom is
glz_encoder_max being way too big, and malloc failure at target) seen on
F18 with gcc-4.7.1-5.fc18.x86_64 and glibc-2.16-8.fc18.x86_64 (didn't
appear on RHEL 6).
---
 server/red_worker.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)


diff --git a/server/red_worker.c b/server/red_worker.c
index 28fed60..68e6271 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -8436,7 +8436,7 @@  static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
 {
     DisplayChannel *display_channel;
     DisplayChannelClient *dcc = RCC_TO_DCC(rcc);
-    SpiceMigrateDataDisplay display_data;
+    SpiceMigrateDataDisplay display_data = {0,};
 
     display_channel = SPICE_CONTAINEROF(rcc->channel, DisplayChannel, common.base);
 
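Review bot: The `= {0,}` initializer on `display_data` zeroes the named members, but C does not guarantee that padding bytes are cleared, and the second hunk copies the struct's raw bytes into the migration stream. If SpiceMigrateDataDisplay is not a packed wire struct (its definition is not visible here), stale stack bytes could still reach the migration target. Calling `memset(&display_data, 0, sizeof(display_data));` before the fields are filled removes that doubt. The function body continues outside this hunk.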
@@ -8465,8 +8465,8 @@  static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
                                         &dcc->glz_data.usr);
 
     /* all data besided the surfaces ref */
-    spice_marshaller_add_ref(base_marshaller,
-                             (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
+    spice_marshaller_add(base_marshaller,
+                         (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
     display_channel_marshall_migrate_data_surfaces(dcc, base_marshaller,
                                                    display_channel->enable_jpeg);
 }
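Review bot: The length `sizeof(display_data) - sizeof(uint32_t)` silently depends on the surfaces reference being the last member, exactly a uint32_t, with no trailing padding, so a layout change would mis-size the MIGRATE_DATA payload without any compiler diagnostic. Using `offsetof(SpiceMigrateDataDisplay, <surfaces_ref_member>)` (placeholder, the member name is not visible in this hunk) would state the intent directly. A comment above the call, for example `/* copy, not add_ref: display_data lives on this stack frame */`, would also keep the call from being switched back to `spice_marshaller_add_ref`; presumably the marshaller is consumed after this function returns. The function starts outside this hunk.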

Comments

On 08/30/2012 02:38 PM, Alon Levy wrote:
> replace add_ref with add for stack allocated SpiceMigrateDataDisplay.
>
> This fixes wrong MIGRATE_DATA message in display channel (symptom is
> glz_encoder_max being way too big, and malloc failure at target) seen on
> F18 with gcc-4.7.1-5.fc18.x86_64 and glibc-2.16-8.fc18.x86_64 (didn't
> appear on RHEL 6).
> ---
>   server/red_worker.c | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/server/red_worker.c b/server/red_worker.c
> index 28fed60..68e6271 100644
> --- a/server/red_worker.c
> +++ b/server/red_worker.c
> @@ -8436,7 +8436,7 @@ static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
>   {
>       DisplayChannel *display_channel;
>       DisplayChannelClient *dcc = RCC_TO_DCC(rcc);
> -    SpiceMigrateDataDisplay display_data;
> +    SpiceMigrateDataDisplay display_data = {0,};
>
>       display_channel = SPICE_CONTAINEROF(rcc->channel, DisplayChannel, common.base);
>
> @@ -8465,8 +8465,8 @@ static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
>                                           &dcc->glz_data.usr);
>
>       /* all data besided the surfaces ref */
> -    spice_marshaller_add_ref(base_marshaller,
> -                             (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
> +    spice_marshaller_add(base_marshaller,
> +                         (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
>       display_channel_marshall_migrate_data_surfaces(dcc, base_marshaller,
>                                                      display_channel->enable_jpeg);
>   }

Ack.