[PATCH 2/2] util: Fix the size of sorted_displays allocation

Fabiano Fidêncio <fidencio@xxxxxxxxxx> · Wed, 21 Oct 2015 15:23:59 +0200

As sorted_displays is a vector containing all displays' order, its
allocation size must be the maximum display id + 1 instead of the
maximum display id.

Valgrind log:
==15946== Invalid write of size 4
==15946==    at 0x4169C0: virt_viewer_align_monitors_linear (virt-viewer-util.c:581)
==15946==    by 0x42248B:
virt_viewer_session_on_monitor_geometry_changed (virt-viewer-session.c:438)
==15946==    by 0xBB41F03: _g_closure_invoke_va (gclosure.c:831)
==15946==    by 0xBB5BC7C: g_signal_emit_valist (gsignal.c:3214)
==15946==    by 0xBB5C764: g_signal_emit_by_name (gsignal.c:3401)
==15946==    by 0x4328F3:
virt_viewer_display_spice_monitor_geometry_changed (virt-viewer-display-spice.c:93)
==15946==    by 0x432D60: virt_viewer_display_spice_size_allocate (virt-viewer-display-spice.c:224)
==15946==    by 0xBB41CD4: g_closure_invoke (gclosure.c:768)
==15946==    by 0xBB53538: signal_emit_unlocked_R (gsignal.c:3549)
==15946==    by 0xBB5BEEF: g_signal_emit_valist (gsignal.c:3305)
==15946==    by 0xBB5C29E: g_signal_emit (gsignal.c:3361)
==15946==    by 0x637D6F6: gtk_widget_size_allocate_with_baseline (gtkwidget.c:6093)
==15946==  Address 0x18c79d4c is 0 bytes after a block of size 12 alloc'd
==15946==    at 0x4C2A9C7: calloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==15946==    by 0xBDD36D1: g_malloc0 (gmem.c:127)
==15946==    by 0x41698D: virt_viewer_align_monitors_linear (virt-viewer-util.c:577)
==15946==    by 0x42248B:
virt_viewer_session_on_monitor_geometry_changed (virt-viewer-session.c:438)
==15946==    by 0xBB41F03: _g_closure_invoke_va (gclosure.c:831)
==15946==    by 0xBB5BC7C: g_signal_emit_valist (gsignal.c:3214)
==15946==    by 0xBB5C764: g_signal_emit_by_name (gsignal.c:3401)
==15946==    by 0x4328F3:
virt_viewer_display_spice_monitor_geometry_changed (virt-viewer-display-spice.c:93)
==15946==    by 0x432D60: virt_viewer_display_spice_size_allocate (virt-viewer-display-spice.c:224)
==15946==    by 0xBB41CD4: g_closure_invoke (gclosure.c:768)
==15946==    by 0xBB53538: signal_emit_unlocked_R (gsignal.c:3549)
==15946==    by 0xBB5BEEF: g_signal_emit_valist (gsignal.c:3305)

Resolves: rhbz#1272650
Related: rhbz#1267184
---
 src/virt-viewer-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/virt-viewer-util.c b/src/virt-viewer-util.c
index e9f771b..66b4dad 100644
--- a/src/virt-viewer-util.c
+++ b/src/virt-viewer-util.c
@@ -574,7 +574,7 @@ virt_viewer_align_monitors_linear(GHashTable *displays)
         return;
 
     g_hash_table_foreach(displays, find_max_id, &max_id);
-    sorted_displays = g_new0(guint, max_id);
+    sorted_displays = g_new0(guint, max_id + 1);
 
     g_hash_table_iter_init(&iter, displays);
     while (g_hash_table_iter_next(&iter, &key, &value))
-- 
2.4.3

_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list






