From patchwork Thu Aug 30 16:44:44 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dunrong huang <riegamaths@gmail.com>
X-Patchwork-Id: 180843
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id 5117F2C01C0
	for <incoming@patchwork.ozlabs.org>;
	Fri, 31 Aug 2012 02:45:55 +1000 (EST)
Received: from localhost ([::1]:38769 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1T77sP-0008JS-GO
	for incoming@patchwork.ozlabs.org; Thu, 30 Aug 2012 12:45:53 -0400
Received: from eggs.gnu.org ([208.118.235.92]:40495)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <riegamaths@gmail.com>) id 1T77sC-0008JA-W5
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 12:45:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <riegamaths@gmail.com>) id 1T77sB-0006Rs-PT
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 12:45:40 -0400
Received: from mail-pb0-f45.google.com ([209.85.160.45]:55155)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <riegamaths@gmail.com>) id 1T77sB-0006Rf-JT
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 12:45:39 -0400
Received: by pbbjt11 with SMTP id jt11so3410213pbb.4
	for <qemu-devel@nongnu.org>; Thu, 30 Aug 2012 09:45:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:x-mailer;
	bh=HtuJwQ7u/ScEczX6XjiwKycjZT9c5q/2/AUJ9c9iQ70=;
	b=Hnxk/j4e4FlBRi/OChSVGASEOEbncA1/wW7iSxumUHEMatq2lMgG9YYwaca48TpOtM
	tlIbl0LifYLfUHBPi764IJSXbINwmatKixRSR86E3E/KT50uWAYvWMPOO7JAUxO4WyLt
	CZZdp7dWr2N5Kj7/gIgsdj6BPkwPWv9eq2K5umykLrRfydHXMXUUGdlbp7HxFDeD7H9R
	M959IrRErFyCABP0mHfFGFWiMpOivnFbJht1/1NzHRCFEQVX8RCVAvv5c+x8GfBYw6v8
	h2Q5pEZzdhlZL7TXeOV+nU92vZNZ7JnIQ2w6j7JrI5aZfQ1PaYzqcdECGvNfry7KFrzU
	/suw==
Received: by 10.68.225.196 with SMTP id rm4mr12304492pbc.131.1346345137376;
	Thu, 30 Aug 2012 09:45:37 -0700 (PDT)
Received: from localhost.localdomain ([117.79.232.143])
	by mx.google.com with ESMTPS id
	sr3sm1843878pbc.44.2012.08.30.09.45.32
	(version=TLSv1/SSLv3 cipher=OTHER);
	Thu, 30 Aug 2012 09:45:35 -0700 (PDT)
From: riegamaths@gmail.com
To: qemu-devel <qemu-devel@nongnu.org>
Date: Fri, 31 Aug 2012 00:44:44 +0800
Message-Id: <1346345084-11345-1-git-send-email-riegamaths@gmail.com>
X-Mailer: git-send-email 1.7.8.6
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
	recognized.
X-Received-From: 209.85.160.45
Cc: Dunrong Huang <riegamaths@gmail.com>, Gerd Hoffmann <kraxel@redhat.com>,
	spice-devel@freedesktop.org
Subject: [Qemu-devel] [PATCH] qxl: dont update invalid area
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

From: Dunrong Huang <riegamaths@gmail.com>

This patch fixes the following error:

$ ~/usr/bin/qemu-system-x86_64 -enable-kvm -m 1024 -spice port=5900,disable-ticketing -vga qxl -cdrom ~/Images/linuxmint-13-mate-dvd-32bit.iso
(/home/mathslinux/usr/bin/qemu-system-x86_64:10068): SpiceWorker-CRITICAL **: red_worker.c:4599:red_update_area: condition `area->left >= 0 && area->top >= 0 && area->left < area->right && area->top < area->bottom' failed
Aborted

spice server terminates QEMU process if we pass invalid area to it,
so dont update those invalid areas.

Signed-off-by: Dunrong Huang <riegamaths@gmail.com>
---
 hw/qxl.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/hw/qxl.c b/hw/qxl.c
index c2dd3b4..10e6bb3 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -1385,6 +1385,13 @@ async_common:
         QXLCookie *cookie = NULL;
         QXLRect update = d->ram->update_area;
 
+        if (update.left < 0 || update.top < 0 || update.left >= update.right ||
+            update.top >= update.bottom) {
+            qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: "
+                              "invalid area(%d,%d,%d,%d)\n", update.left,
+                              update.right, update.top, update.bottom);
+            break;
+        }
         if (async == QXL_ASYNC) {
             cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO,
                                     QXL_IO_UPDATE_AREA_ASYNC);