[spice-server,v2,2/2] red-parse-qxl: Fix QUIC images from QXL

Submitted by Frediano Ziglio on July 19, 2019, 9:18 a.m.

Details

Message ID 20190719091827.30413-3-fziglio@redhat.com
State Accepted
Commit db7dcae3538c477c62923d701a0860bfad0c874f
Headers show
Series "Remove last warnings from CI build" ( rev: 1 ) in Spice

Not browsing as part of any series.

Commit Message

Frediano Ziglio July 19, 2019, 9:18 a.m.
The decoding is wrong, the Red and QXL structures are different so
code is not doing what is expected. red-parse-qxl translate from QXL
to Red structures, red-record-qxl saves Red structure to file,
red-replay-qxl is supposed to read from file into QXL directly.

Not easy to reproduce, the only driver is XDDM which means Windows XP
or similars, I got no recording with such images.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
---
 server/red-replay-qxl.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/server/red-replay-qxl.c b/server/red-replay-qxl.c
index 674feae2f..7104c81cd 100644
--- a/server/red-replay-qxl.c
+++ b/server/red-replay-qxl.c
@@ -416,7 +416,7 @@  static uint8_t *red_replay_image_data_flat(SpiceReplay *replay, size_t *size)
 
 static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
 {
-    QXLImage* qxl = NULL;
+    QXLImage* qxl = NULL, *data;
     size_t bitmap_size;
     ssize_t size;
     uint8_t qxl_flags;
@@ -497,10 +497,15 @@  static QXLImage *red_replay_image(SpiceReplay *replay, uint32_t flags)
         if (replay->error) {
             return NULL;
         }
-        qxl = replay_realloc(replay, qxl, sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
-                             qxl->quic.data_size);
-        size = red_replay_data_chunks(replay, "quic.data", (uint8_t**)&qxl->quic.data, 0);
+        data = NULL;
+        size = red_replay_data_chunks(replay, "quic.data", (uint8_t**)&data,
+                                      sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
+                                      sizeof(QXLDataChunk));
         spice_assert(size == qxl->quic.data_size);
+        data->descriptor = qxl->descriptor;
+        data->quic.data_size = qxl->quic.data_size;
+        replay_free(replay, qxl);
+        qxl = data;
         break;
     default:
         spice_warn_if_reached();
@@ -526,7 +531,9 @@  static void red_replay_image_free(SpiceReplay *replay, QXLPHYSICAL p, uint32_t f
     case SPICE_IMAGE_TYPE_SURFACE:
         break;
     case SPICE_IMAGE_TYPE_QUIC:
-        red_replay_data_chunks_free(replay, qxl, 0);
+        red_replay_data_chunks_free(replay, qxl,
+                                    sizeof(QXLImageDescriptor) + sizeof(QXLQUICData) +
+                                    sizeof(QXLDataChunk));
         qxl = NULL;
         break;
     default: