From: Gerd Hoffmann
To: qemu-devel@nongnu.org
Cc: Qiuhao Li, "Michael S. Tsirkin", Stefan Hajnoczi, Eric Blake, Darren Kenny, Bandan Das, Alexander Bulekov, Philippe Mathieu-Daudé, Markus Armbruster, Akihiko Odaki, Alexandre Ratchov, Laurent Vivier, Paolo Bonzini, Thomas Huth, Gerd Hoffmann, Peter Maydell, Volker Rümelin
Subject: [PULL 10/24] ui/console: fix three double frees in png_save()
Date: Tue, 27 Sep 2022 10:18:58 +0200
Message-Id: <20220927081912.180983-11-kraxel@redhat.com>
In-Reply-To: <20220927081912.180983-1-kraxel@redhat.com>
References: <20220927081912.180983-1-kraxel@redhat.com>
From: Volker Rümelin

The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210
Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Volker Rümelin
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann
--- ui/console.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ui/console.c b/ui/console.c index 243f2f6e64ae..49da6a91df6f 100644 --- a/ui/console.c +++ b/ui/console.c @@ -304,8 +304,8 @@ static bool png_save(int fd, pixman_image_t *image, Err= or **errp) { int width =3D pixman_image_get_width(image); int height =3D pixman_image_get_height(image); - g_autofree png_struct *png_ptr =3D NULL; - g_autofree png_info *info_ptr =3D NULL; + png_struct *png_ptr; + png_info *info_ptr; g_autoptr(pixman_image_t) linebuf =3D qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, wi= dth); uint8_t *buf =3D (uint8_t *)pixman_image_get_data(linebuf); @@ -346,7 +346,6 @@ static bool png_save(int fd, pixman_image_t *image, Err= or **errp) qemu_pixman_linebuf_fill(linebuf, image, width, 0, y); png_write_row(png_ptr, buf); } - qemu_pixman_image_unref(linebuf); =20 png_write_end(png_ptr, NULL); =20 --=20 2.37.3
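
Review bot: In the @@ -304,8 +304,8 @@ hunk, the new declarations "png_struct *png_ptr;" and "png_info *info_ptr;" drop the NULL initializer together with g_autofree, so both pointers are indeterminate until they are first assigned, and those assignments are not visible in this hunk. Keeping the "= NULL" initializer costs nothing and keeps any cleanup path that passes &png_ptr and &info_ptr to png_destroy_write_struct() well defined. A one-line comment saying that libpng owns both objects and releases them through png_destroy_write_struct() would also keep g_autofree from being reintroduced here.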
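
Review bot: In the @@ -346,7 +346,6 @@ hunk, once qemu_pixman_image_unref(linebuf) is gone after the row loop, the only release of linebuf is the g_autoptr(pixman_image_t) declaration at the top of png_save(), which is easy to miss when reading the loop. Since buf points into linebuf's data and is what png_write_row() consumes, a short comment at the declaration stating that linebuf is released on scope exit and must not be unreferenced by hand would document the ownership rule this patch restores. The commit message names three double frees on the screendump-as-PNG path, so a test that takes a PNG screendump under a sanitizer build would catch a regression.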