From: Michael Roth
Subject: [Qemu-stable] [PATCH 07/67] vnc: fix qemu crash because of SIGSEGV
Date: Wed, 14 Dec 2016 18:44:01 -0600
From: Gonglei <address@hidden>
The backtrace is:
0x00007f0b75cdf880 in pixman_image_get_stride () from /lib64/libpixman-1.so.0
0x00007f0b77bcb3cf in vnc_server_fb_stride (vd=0x7f0b7a1a2bb0) at ui/vnc.c:680
vnc_dpy_copy (dcl=0x7f0b7a1a2c00, src_x=224, src_y=263, dst_x=319, dst_y=363,
w=1, h=1) at ui/vnc.c:915
0x00007f0b77bbcc35 in dpy_gfx_copy (con=0x7f0b7a146210, address@hidden,
address@hidden, address@hidden,
address@hidden, w=1, h=1) at ui/console.c:1575
0x00007f0b77bbda4e in qemu_console_copy (con=<optimized out>, address@hidden,
address@hidden, address@hidden,
address@hidden, w=<optimized out>, h=<optimized out>) at ui/console.c:2111
0x00007f0b77ac0980 in cirrus_do_copy (h=<optimized out>, w=<optimized out>,
src=<optimized out>, dst=<optimized out>, s=0x7f0b7b086090) at
hw/display/cirrus_vga.c:774
cirrus_bitblt_videotovideo_copy (s=0x7f0b7b086090) at
hw/display/cirrus_vga.c:793
cirrus_bitblt_videotovideo (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:915
cirrus_bitblt_start (s=0x7f0b7b086090) at hw/display/cirrus_vga.c:1056
0x00007f0b77965cfb in memory_region_write_accessor (mr=0x7f0b7b096e40,
addr=320, value=<optimized out>, size=1, shift=<optimized out>,mask=<optimized
out>, attrs=...) at /root/rpmbuild/BUILD/master/qemu/memory.c:525
0x00007f0b77963f59 in access_with_adjusted_size (address@hidden,
address@hidden, address@hidden,
access_size_min=<optimized out>, access_size_max=<optimized out>,
address@hidden <memory_region_write_accessor>,
address@hidden, address@hidden) at /root/rpmbuild/BUILD/master/qemu/memory.c:591
0x00007f0b77968315 in memory_region_dispatch_write (address@hidden,
address@hidden, data=18446744073709551362,
address@hidden, address@hidden) at
/root/rpmbuild/BUILD/master/qemu/memory.c:1262
0x00007f0b779256a9 in address_space_write_continue (mr=0x7f0b7b096e40, l=4,
addr1=320, len=4, buf=0x7f0b77713028 "\002\377\377\377",
attrs=..., addr=4273930560, as=0x7f0b7827d280 <address_space_memory>) at
/root/rpmbuild/BUILD/master/qemu/exec.c:2544
address_space_write (as=<optimized out>, addr=<optimized out>, attrs=...,
buf=<optimized out>, len=<optimized out>) at
/root/rpmbuild/BUILD/master/qemu/exec.c:2601
0x00007f0b77925c1d in address_space_rw (as=<optimized out>, addr=<optimized
out>, attrs=..., address@hidden,
address@hidden "\002\377\377\377", len=<optimized out>, is_write=<optimized
out>) at /root/rpmbuild/BUILD/master/qemu/exec.c:2703
0x00007f0b77962f53 in kvm_cpu_exec (address@hidden) at
/root/rpmbuild/BUILD/master/qemu/kvm-all.c:1965
0x00007f0b77950cc6 in qemu_kvm_cpu_thread_fn (arg=0x7f0b79fcc2d0) at
/root/rpmbuild/BUILD/master/qemu/cpus.c:1078
0x00007f0b744b3dc5 in start_thread (arg=0x7f0b69a27700) at pthread_create.c:308
0x00007f0b70d3d66d in clone () from /lib64/libc.so.6
The code path when hitting the segfault:
vnc_dpy_copy
  vnc_update_client
    vnc_disconnect_finish [while vnc_disconnect_start() is invoked because
                           something is wrong]
      vnc_update_server_surface
        vd->server = NULL;
  vnc_server_fb_stride
    pixman_image_get_stride(vd->server)
Let's add a non-NULL check before calling vnc_server_fb_stride() to avoid
segmentation fault.
Cc: Gerd Hoffmann <address@hidden>
Cc: Daniel P. Berrange <address@hidden>
Reported-by: Yanying Zhuang <address@hidden>
Signed-off-by: Gonglei <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
(cherry picked from commit 3e10c3ecfcaf604d8b400d6e463e1a186ce97d9b)
Signed-off-by: Michael Roth <address@hidden>
---
ui/vnc.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ui/vnc.c b/ui/vnc.c
index d1087c9..76a3273 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -911,6 +911,10 @@ static void vnc_dpy_copy(DisplayChangeListener *dcl,
}
}
+ if (!vd->server) {
+ /* no client connected */
+ return;
+ }
/* do bitblit op on the local surface too */
pitch = vnc_server_fb_stride(vd);
src_row = vnc_server_fb_ptr(vd, src_x, src_y);
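Review bot: the comment `/* no client connected */` on the new guard names the symptom rather than the state being tested; per the commit message, `vd->server` is set to NULL by vnc_update_server_surface() during vnc_disconnect_finish(), so a comment such as `/* server surface released, nothing to blit into */` would tell the next reader why the pointer can legitimately be NULL here. The guard is placed after the closing braces at the top of the hunk, so whatever per-client work precedes it still runs before the early return; if that work also touches the server surface the check should move above it, otherwise a short comment saying the surface is only needed for the local bitblit below would make the placement clearly deliberate. The check does cover both `vnc_server_fb_stride(vd)` and `vnc_server_fb_ptr(vd, src_x, src_y)`, which is the right scope for the crash in the backtrace.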
--
1.9.1
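The sequence the commit message describes (a client disconnects, vnc_update_server_surface() releases the shared surface and leaves vd->server NULL, and a later guest-driven blit dereferences it) is reproduced below in a small self-contained C model. This is an added example, not QEMU's code: the ServerSurface and VncDisplayModel types and the model_* functions are hypothetical stand-ins for the pixman image and the VncDisplay fields, and the rectangle clipping inside model_dpy_copy is an extra defensive check of mine that the patch itself does not add. The model shows the release-and-NULL pattern together with the consumer-side guard the patch introduces, and replay_disconnect_then_copy() walks through connect, blit, disconnect, blit so the second blit is skipped instead of crashing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the server-side framebuffer QEMU keeps in a
 * pixman image (vd->server). Hypothetical type, not QEMU's. */
typedef struct {
    int width, height;
    int stride;          /* bytes per row, like pixman_image_get_stride() */
    uint8_t *data;
} ServerSurface;

/* Hypothetical stand-in for the VncDisplay fields involved in the bug. */
typedef struct {
    ServerSurface *server;   /* NULL once the last client has disconnected */
    int clients;
} VncDisplayModel;

static ServerSurface *surface_new(int w, int h) {
    ServerSurface *s = calloc(1, sizeof *s);
    s->width = w;
    s->height = h;
    s->stride = w * 4;                       /* 32 bpp */
    s->data = calloc((size_t)s->stride * (size_t)h, 1);
    return s;
}

static void surface_free(ServerSurface *s) {
    if (s) {
        free(s->data);
        free(s);
    }
}

/* Models vnc_update_server_surface(): drop the shared surface and leave a
 * NULL pointer behind; recreate it only while clients remain. */
static void model_update_server_surface(VncDisplayModel *vd) {
    surface_free(vd->server);
    vd->server = NULL;
    if (vd->clients > 0) {
        vd->server = surface_new(640, 480);
    }
}

static void model_client_connect(VncDisplayModel *vd) {
    vd->clients++;
    model_update_server_surface(vd);
}

/* Models vnc_disconnect_finish() for the purposes of this bug. */
static void model_client_disconnect(VncDisplayModel *vd) {
    if (vd->clients > 0) {
        vd->clients--;
    }
    model_update_server_surface(vd);
}

/* Models vnc_dpy_copy() after the fix. Returns true when a blit was done.
 * Without the first check this dereferenced NULL after a disconnect. */
static bool model_dpy_copy(VncDisplayModel *vd, int src_x, int src_y,
                           int dst_x, int dst_y, int w, int h) {
    if (!vd->server) {
        return false;                /* server surface released, nothing to blit into */
    }
    ServerSurface *s = vd->server;
    /* Extra clipping (my addition): a guest-supplied rectangle must stay inside
     * the surface, otherwise the row copies below would read/write out of bounds. */
    if (src_x < 0 || src_y < 0 || dst_x < 0 || dst_y < 0 || w <= 0 || h <= 0 ||
        src_x + w > s->width || dst_x + w > s->width ||
        src_y + h > s->height || dst_y + h > s->height) {
        return false;
    }
    for (int y = 0; y < h; y++) {
        memmove(s->data + (size_t)(dst_y + y) * (size_t)s->stride + (size_t)dst_x * 4,
                s->data + (size_t)(src_y + y) * (size_t)s->stride + (size_t)src_x * 4,
                (size_t)w * 4);
    }
    return true;
}

/* Replays the scenario from the commit message with the coordinates from the
 * backtrace: connect, blit, disconnect, blit. Returns how many blits ran. */
static int replay_disconnect_then_copy(void) {
    VncDisplayModel vd = { NULL, 0 };
    int done = 0;
    model_client_connect(&vd);
    done += model_dpy_copy(&vd, 224, 263, 319, 363, 1, 1);   /* performed */
    model_client_disconnect(&vd);                            /* vd.server == NULL now */
    done += model_dpy_copy(&vd, 224, 263, 319, 363, 1, 1);   /* skipped by the guard */
    surface_free(vd.server);
    return done;                                             /* 1 */
}
```

The design point is that the object owner (the disconnect path) already does the right thing by NULLing the pointer it frees; the crash came from a consumer that assumed the pointer was always valid, so the guard belongs in every display-listener callback that touches the server surface, not only in the one that happened to crash.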