[Spice-devel] [PATCH spice-server] Avoid integer overflow for Drawable::refs field
Pavel Grunt
pgrunt at redhat.com
Wed Jan 4 12:58:08 UTC 2017
On Wed, 2017-01-04 at 12:31 +0000, Frediano Ziglio wrote:
> This fixes a regression caused by
> a43c21b6bcdda701763afb6d73e38a3c419e54c7
It does not crash, but
something is missing, cause i keep getting following:
(process:27167): Spice-CRITICAL **: red_pipe_item_unref: assertion
'item->refcount > 0' failed
Pavel
> ("DCC: change how fill_bits() marshalls data by reference").
> Before the mentioned patch the number of references to Drawable
> structure were really few so an uint8_t was enough.
> Now that every chunk of the image are accounted you can easily
> get an overflow.
> This fixes https://bugs.freedesktop.org/show_bug.cgi?id=99258.
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> server/display-channel.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/server/display-channel.h b/server/display-channel.h
> index 715ad1a..5ecc5c3 100644
> --- a/server/display-channel.h
> +++ b/server/display-channel.h
> @@ -81,7 +81,7 @@ typedef struct DependItem {
> } DependItem;
>
> struct Drawable {
> - uint8_t refs;
> + uint32_t refs;
> RingItem surface_list_link;
> RingItem list_link;
> DrawItem tree_item;
More information about the Spice-devel
mailing list