[PATCH spice] Fix crash when clearing surface memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The beginning of the surface data needs to be computed correctly if the
stride is negative, otherwise, it should point already to the beginning
of the surface data. This bug seems to exists since 4a208b (0.5.2)

https://bugzilla.redhat.com/show_bug.cgi?id=1029646
---
 server/red_worker.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index 6bdad93..904e8fe 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -9470,7 +9470,9 @@ static inline void red_create_surface(RedWorker *worker, uint32_t surface_id, ui
     surface->context.stride = stride;
     surface->context.line_0 = line_0;
     if (!data_is_valid) {
-        memset((char *)line_0 + (int32_t)(stride * (height - 1)), 0, height*abs(stride));
+        char *data = line_0;
+        data += stride < 0 ? (int32_t)(stride * (height - 1)) : 0;
+        memset(data, 0, height*abs(stride));
     }
     surface->create.info = NULL;
     surface->destroy.info = NULL;
-- 
1.9.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]