[Spice-devel] [PATCH] server/red_worker: seamless: fix invalid memory reference
Uri Lublin
uril at redhat.com
Thu Aug 30 05:01:15 PDT 2012
On 08/30/2012 02:38 PM, Alon Levy wrote:
> replace add_ref with add for stack allocated SpiceMigrateDataDisplay.
>
> This fixes wrong MIGRATE_DATA message in display channel (symptom is
> glz_encoder_max being way too big, and malloc failure at target) seen on
> F18 with gcc-4.7.1-5.fc18.x86_64 and glibc-2.16-8.fc18.x86_64 (didn't
> appear on RHEL 6).
> ---
> server/red_worker.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/server/red_worker.c b/server/red_worker.c
> index 28fed60..68e6271 100644
> --- a/server/red_worker.c
> +++ b/server/red_worker.c
> @@ -8436,7 +8436,7 @@ static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
> {
> DisplayChannel *display_channel;
> DisplayChannelClient *dcc = RCC_TO_DCC(rcc);
> - SpiceMigrateDataDisplay display_data;
> + SpiceMigrateDataDisplay display_data = {0,};
>
> display_channel = SPICE_CONTAINEROF(rcc->channel, DisplayChannel, common.base);
>
> @@ -8465,8 +8465,8 @@ static void display_channel_marshall_migrate_data(RedChannelClient *rcc,
> &dcc->glz_data.usr);
>
> /* all data besided the surfaces ref */
> - spice_marshaller_add_ref(base_marshaller,
> - (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
> + spice_marshaller_add(base_marshaller,
> + (uint8_t *)&display_data, sizeof(display_data) - sizeof(uint32_t));
> display_channel_marshall_migrate_data_surfaces(dcc, base_marshaller,
> display_channel->enable_jpeg);
> }
Ack.
More information about the Spice-devel
mailing list