Damn, the dirty rectangle values are signed integers. So the checks added by commit 788fbf042fc6d5aaeab56757e6dad622ac5f0c21 are not good enough, we also have to make sure they are not negative.
[ Note: There must be something broken in spice-server so we get negative values in the first place. Bug opened: https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]
Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 ui/vnc.c | 42 ++++++++++++++++++++++--------------------
 ui/vnc.h | 1 +
 2 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index f8d9b7d..b33f6b3 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -46,7 +46,8 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
 #include "vnc_keysym.h"
 #include "d3des.h"
-static VncDisplay *vnc_display; /* needed for info vnc */
+static QTAILQ_HEAD(, VncDisplay) vnc_displays =
+ QTAILQ_HEAD_INITIALIZER(vnc_displays);
 static int vnc_cursor_define(VncState *vs);
 static void vnc_release_modifiers(VncState *vs);
@@ -226,10 +227,10 @@ static const char *vnc_auth_name(VncDisplay *vd) {
 return "unknown";
 }
-static VncServerInfo *vnc_server_info_get(void)
+static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
 {
 VncServerInfo *info;
- VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vnc_display->lsock);
+ VncBasicInfo *bi = vnc_basic_info_get_from_server_addr(vd->lsock);
 if (!bi) {
 return NULL;
 }
@@ -237,7 +238,7 @@ static VncServerInfo *vnc_server_info_get(void)
 info = g_malloc(sizeof(*info));
 info->base = bi;
 info->has_auth = true;
- info->auth = g_strdup(vnc_auth_name(vnc_display));
+ info->auth = g_strdup(vnc_auth_name(vd));
 return info;
 }
@@ -282,7 +283,7 @@ static void vnc_qmp_event(VncState *vs, QAPIEvent event)
 }
 g_assert(vs->info->base);
- si = vnc_server_info_get();
+ si = vnc_server_info_get(vs->vd);
 if (!si) {
 return;
 }
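Review bot: The new file-scope list head `vnc_displays` in the first hunk carries no comment, and the old `/* needed for info vnc */` remark was dropped with the global it described. A short comment such as `/* every VncDisplay created by vnc_display_init(), in creation order */` would tell readers who populates the list; no removal from it is visible in this patch, so the comment should also say whether entries are ever unlinked. Separately, none of the hunks on this page touch dirty-rectangle bounds, so the signedness checks the description refers to cannot be reviewed from this diff.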
@@ -348,8 +349,9 @@ static VncClientInfo *qmp_query_vnc_client(const VncState *client)
 VncInfo *qmp_query_vnc(Error **errp)
 {
 VncInfo *info = g_malloc0(sizeof(*info));
+ VncDisplay *vd = QTAILQ_FIRST(&vnc_displays);
- if (vnc_display == NULL || vnc_display->display == NULL) {
+ if (vd == NULL || vd->display == NULL) {
 info->enabled = false;
 } else {
 VncClientInfoList *cur_item = NULL;
@@ -364,7 +366,7 @@ VncInfo *qmp_query_vnc(Error **errp)
 /* for compatibility with the original command */
 info->has_clients = true;
- QTAILQ_FOREACH(client, &vnc_display->clients, next) {
+ QTAILQ_FOREACH(client, &vd->clients, next) {
 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
 cinfo->value = qmp_query_vnc_client(client);
@@ -377,11 +379,11 @@ VncInfo *qmp_query_vnc(Error **errp)
 }
 }
- if (vnc_display->lsock == -1) {
+ if (vd->lsock == -1) {
 return info;
 }
- if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
+ if (getsockname(vd->lsock, (struct sockaddr *)&sa,
 &salen) == -1) {
 error_set(errp, QERR_UNDEFINED_ERROR);
 goto out_error;
@@ -405,7 +407,7 @@ VncInfo *qmp_query_vnc(Error **errp)
 info->family = inet_netfamily(sa.ss_family);
 info->has_auth = true;
- info->auth = g_strdup(vnc_auth_name(vnc_display));
+ info->auth = g_strdup(vnc_auth_name(vd));
 }
 return info;
@@ -853,7 +855,7 @@ static int vnc_cursor_define(VncState *vs)
 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, QEMUCursor *c)
 {
- VncDisplay *vd = vnc_display;
+ VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
 VncState *vs;
 cursor_put(vd->cursor);
@@ -2944,7 +2946,7 @@ void vnc_display_init(DisplayState *ds)
 {
 VncDisplay *vs = g_malloc0(sizeof(*vs));
- vnc_display = vs;
+ QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
 vs->lsock = -1;
 #ifdef CONFIG_VNC_WS
@@ -2974,7 +2976,7 @@ void vnc_display_init(DisplayState *ds)
 static void vnc_display_close(DisplayState *ds)
 {
- VncDisplay *vs = vnc_display;
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 if (!vs)
 return;
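Review bot: `qmp_query_vnc` picks `QTAILQ_FIRST(&vnc_displays)` and so reports only the first display. The same lookup recurs in `vnc_display_close`, `vnc_display_password`, `vnc_display_pw_expire`, `vnc_display_local_addr`, `vnc_display_open` and `vnc_display_add_client`, none of which consult their `ds` argument in the visible lines. If `vnc_display_init` can run more than once, a password or expiry change would silently land on the first entry only, which is easy to miss for an authentication setting. Until lookup by display exists, each site should carry a marker such as `/* TODO: only the first VncDisplay is handled here */`, or the lookup should be funnelled through one commented helper.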
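Review bot: In the client loop of `qmp_query_vnc` (hunk at -364), `cinfo` is allocated with `g_malloc0(sizeof(*info))`, where `info` is the `VncInfo *` result rather than the list node being filled. The line is unchanged context, but it sits directly under the edited `QTAILQ_FOREACH` and the patch leaves it as is. The allocation is only large enough if `VncInfo` is at least as big as `VncClientInfoList`, which this page does not show. `VncClientInfoList *cinfo = g_malloc0(sizeof(*cinfo));` ties the size to the object actually written. The loop body continues outside the hunk.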
@@ -3003,7 +3005,7 @@ static void vnc_display_close(DisplayState *ds)
 int vnc_display_password(DisplayState *ds, const char *password)
 {
- VncDisplay *vs = vnc_display;
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 if (!vs) {
 return -EINVAL;
@@ -3022,7 +3024,7 @@ int vnc_display_password(DisplayState *ds, const char *password)
 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
 {
- VncDisplay *vs = vnc_display;
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 if (!vs) {
 return -EINVAL;
@@ -3034,14 +3036,14 @@ int vnc_display_pw_expire(DisplayState *ds, time_t expires)
 char *vnc_display_local_addr(DisplayState *ds)
 {
- VncDisplay *vs = vnc_display;
-
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
+
 return vnc_socket_local_addr("%s:%s", vs->lsock);
 }
 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
 {
- VncDisplay *vs = vnc_display;
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 const char *options;
 int password = 0;
 int reverse = 0;
@@ -3057,7 +3059,7 @@ void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
 #endif
 int lock_key_sync = 1;
- if (!vnc_display) {
+ if (!vs) {
 error_setg(errp, "VNC display not active");
 return;
 }
@@ -3356,7 +3358,7 @@ fail:
 void vnc_display_add_client(DisplayState *ds, int csock, bool skipauth)
 {
- VncDisplay *vs = vnc_display;
+ VncDisplay *vs = QTAILQ_FIRST(&vnc_displays);
 vnc_connect(vs, csock, skipauth, false);
 }
diff --git a/ui/vnc.h b/ui/vnc.h
index 334de9d..a7cdcea 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -184,6 +184,7 @@ struct VncDisplay
 #ifdef CONFIG_VNC_SASL
 VncDisplaySASL sasl;
 #endif
+ QTAILQ_ENTRY(VncDisplay) next;
 };
 typedef struct VncTight {
-- 
1.8.3.1
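Review bot: `vnc_display_local_addr` (hunk at -3034) dereferences `vs->lsock` straight after `QTAILQ_FIRST(&vnc_displays)`, which yields NULL on an empty list. The sibling functions `vnc_display_password` and `vnc_display_pw_expire` guard the same lookup with `if (!vs) { return -EINVAL; }`. A matching guard, `if (!vs) { return NULL; }`, would close the gap, provided callers accept a NULL address; they are not visible here. `vnc_display_add_client` (hunk at -3356) has the same shape: it passes `vs` unchecked into `vnc_connect`, so `if (!vs) { return; }` belongs there unless `vnc_connect` is known to tolerate NULL.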