From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Date: Fri, 18 May 2018 09:40:50 +0200
Message-Id: <20180518074052.31724-2-kraxel@redhat.com>
In-Reply-To: <20180518074052.31724-1-kraxel@redhat.com>
References: <20180518074052.31724-1-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 1/3] console: Avoid segfault in screendump
Cc: Michal Privoznik, Gerd Hoffmann

From: Michal Privoznik

After f771c5440e04626f1 it is possible to select device and head which
to take screendump from. And even though we check if provided head
number falls within range, it may still happen that the console has no
surface yet leading to SIGSEGV:

  qemu.git $ ./x86_64-softmmu/qemu-system-x86_64 \
    -qmp stdio \
    -device virtio-vga,id=video0,max_outputs=4

  {"execute":"qmp_capabilities"}
  {"execute":"screendump", "arguments":{"filename":"/tmp/screen.ppm", "device":"video0", "head":1}}
  Segmentation fault

  #0  0x00005628249dda88 in ppm_save (filename=0x56282826cbc0 "/tmp/screen.ppm", ds=0x0, errp=0x7fff52a6fae0) at ui/console.c:304
  #1  0x00005628249ddd9b in qmp_screendump (filename=0x56282826cbc0 "/tmp/screen.ppm", has_device=true, device=0x5628276902d0 "video0", has_head=true, head=1, errp=0x7fff52a6fae0) at ui/console.c:375
  #2  0x00005628247740df in qmp_marshal_screendump (args=0x562828265e00, ret=0x7fff52a6fb68, errp=0x7fff52a6fb60) at qapi/qapi-commands-ui.c:110

Here, @ds from frame #0 (or @surface from frame #1) is dereferenced at
the very beginning of ppm_save(). And because it's NULL crash happens.

Signed-off-by: Michal Privoznik
Reviewed-by: Thomas Huth
Message-id: cb05bb1909daa6ba62145c0194aafa05a14ed3d1.1526569138.git.mprivozn@redhat.com
Signed-off-by: Gerd Hoffmann
--- ui/console.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ui/console.c b/ui/console.c index 945f05d728..ef1247f872 100644 --- a/ui/console.c +++ b/ui/console.c
@@ -372,6 +372,11 @@ void qmp_screendump(const char *filename, bool has_dev= ice, const char *device, =20 graphic_hw_update(con); surface =3D qemu_console_surface(con); + if (!surface) { + error_setg(errp, "no surface"); + return; + } + ppm_save(filename, surface, errp); } =20 --=20 2.9.3

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Date: Fri, 18 May 2018 09:40:51 +0200
Message-Id: <20180518074052.31724-3-kraxel@redhat.com>
In-Reply-To: <20180518074052.31724-1-kraxel@redhat.com>
References: <20180518074052.31724-1-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 2/3] ui: add x_keymap.o to modules
Cc: Paolo Bonzini, Gerd Hoffmann

From: Paolo Bonzini

x_keymap.o is common to the SDL and GTK+ modules, and it causes the QEMU
binary to link to the X11 libraries. Add it separately to the modules to
keep the main QEMU binary smaller.

Signed-off-by: Paolo Bonzini
Message-id: 1526560782-18732-1-git-send-email-pbonzini@redhat.com
[ kraxel: fix lm32 target build (milkymist-tmu2) ]
Signed-off-by: Gerd Hoffmann
--- hw/display/Makefile.objs | 2 ++ ui/Makefile.objs | 11 +++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/hw/display/Makefile.objs b/hw/display/Makefile.objs index 3c7c75b94d..11321e466b 100644 --- a/hw/display/Makefile.objs +++ b/hw/display/Makefile.objs @@ -20,6 +20,8 @@ common-obj-$(CONFIG_MILKYMIST) +=3D milkymist-vgafb.o common-obj-$(CONFIG_ZAURUS) +=3D tc6393xb.o =20 common-obj-$(CONFIG_MILKYMIST_TMU2) +=3D milkymist-tmu2.o +milkymist-tmu2.o-cflags :=3D $(X11_CFLAGS) +milkymist-tmu2.o-libs :=3D $(X11_LIBS) =20 obj-$(CONFIG_OMAP) +=3D omap_dss.o obj-$(CONFIG_OMAP) +=3D omap_lcdc.o diff --git a/ui/Makefile.objs b/ui/Makefile.objs index cc784346cb..00f6976c30 100644 --- a/ui/Makefile.objs +++ b/ui/Makefile.objs @@ -15,10 +15,6 @@ common-obj-$(CONFIG_COCOA) +=3D cocoa.o common-obj-$(CONFIG_VNC) +=3D $(vnc-obj-y) common-obj-$(call lnot,$(CONFIG_VNC)) +=3D vnc-stubs.o =20 -common-obj-$(CONFIG_X11) +=3D x_keymap.o -x_keymap.o-cflags :=3D $(X11_CFLAGS) -x_keymap.o-libs :=3D $(X11_LIBS) - # ui-sdl module common-obj-$(CONFIG_SDL) +=3D sdl.mo ifeq ($(CONFIG_SDLABI),1.2)
@@ -46,6 +42,13 @@ gtk.mo-objs +=3D gtk-gl-area.o endif endif =20 +ifeq ($(CONFIG_X11),y) +sdl.mo-objs +=3D x_keymap.o +gtk.mo-objs +=3D x_keymap.o +x_keymap.o-cflags :=3D $(X11_CFLAGS) +x_keymap.o-libs :=3D $(X11_LIBS) +endif + common-obj-$(CONFIG_CURSES) +=3D curses.mo curses.mo-objs :=3D curses.o curses.mo-cflags :=3D $(CURSES_CFLAGS) --=20 2.9.3

From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Date: Fri, 18 May 2018 09:40:52 +0200
Message-Id: <20180518074052.31724-4-kraxel@redhat.com>
In-Reply-To: <20180518074052.31724-1-kraxel@redhat.com>
References: <20180518074052.31724-1-kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 3/3] sdl: Move use of surface pointer below check for whether it is NULL
Cc: Peter Maydell, Gerd Hoffmann

From: Peter Maydell

In commit 2ab858c6c38ee1 we added a use of the 'surf' variable in
sdl2_2d_update() that was unfortunately placed above the early-exit-if-NULL
check. Move it to where it ought to be.

Fixes: Coverity CID 1390598

Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Message-id: 20180515185814.1374-1-peter.maydell@linaro.org
Signed-off-by: Gerd Hoffmann
--- ui/sdl2-2d.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/sdl2-2d.c b/ui/sdl2-2d.c index 1f34817bae..85484407be 100644 --- a/ui/sdl2-2d.c +++ b/ui/sdl2-2d.c @@ -36,9 +36,7 @@ void sdl2_2d_update(DisplayChangeListener *dcl, struct sdl2_console *scon =3D container_of(dcl, struct sdl2_console, d= cl); DisplaySurface *surf =3D qemu_console_surface(dcl->con); SDL_Rect rect; - size_t surface_data_offset =3D surface_bytes_per_pixel(surf) * x + - surface_stride(surf) * y; - + size_t surface_data_offset; assert(!scon->opengl); =20 if (!surf) { @@ -48,6 +46,8 @@ void sdl2_2d_update(DisplayChangeListener *dcl, return; } =20 + surface_data_offset =3D surface_bytes_per_pixel(surf) * x + + surface_stride(surf) * y; rect.x =3D x; rect.y =3D y; rect.w =3D w; --=20 2.9.3
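
Review bot: In the ui/console.c hunk of patch 1/3 (qmp_screendump), the new error text "no surface" gives a QMP client nothing to act on: it names neither the console that was requested nor the not-yet-initialised state the commit message describes. Consider wording it so a caller can tell a console that has no surface yet from a bad device or head argument. The guard also protects only this call site; the backtrace shows ppm_save() dereferencing ds on entry, so a NULL check or assertion inside ppm_save() would cover any other caller it has.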
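
Review bot: The two milkymist-tmu2.o lines added in the hw/display/Makefile.objs hunk of patch 2/3 carry no comment explaining why this object needs $(X11_CFLAGS) and $(X11_LIBS); the only rationale is the bracketed "[ kraxel: fix lm32 target build (milkymist-tmu2) ]" line in the commit message. A one-line comment above them would keep the dependency from looking accidental. That this fixup was needed at all suggests the object previously got its X11 linkage through the common-obj x_keymap.o lines removed in ui/Makefile.objs, so it is worth checking that no other common-obj relied on the same route.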
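
Review bot: In the second ui/Makefile.objs hunk of patch 2/3 (the added ifeq ($(CONFIG_X11),y) block), x_keymap.o is appended to both sdl.mo-objs and gtk.mo-objs whenever CONFIG_X11 is y, regardless of whether CONFIG_SDL or CONFIG_GTK is enabled. Please confirm that a build with modules disabled and both front ends enabled links the object only once, and that the x_keymap.o-cflags and x_keymap.o-libs assignments still take effect when the object is reached through a .mo-objs list rather than common-obj. A short comment saying that the object is shared by the two modules would help the next reader.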
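
Review bot: In the first ui/sdl2-2d.c hunk of patch 3/3 (sdl2_2d_update), the blank line that separated the declarations from assert(!scon->opengl); is removed together with the initialiser, so the declaration block now runs straight into the first statement; please keep the blank line. surface_data_offset is also left uninitialised until the assignment added in the second hunk. That is fine for the visible early return under if (!surf), which does not read it, but the assignment should stay the first statement after that block so no later edit can slip a use in between.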