aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Rümelin <vr_qemu@t-online.de>2022-09-19 08:19:56 +0200
committerGerd Hoffmann <kraxel@redhat.com>2022-09-23 14:38:27 +0200
commit17b55372b509a253abed9d7d4a81772f6067220f (patch)
tree5b67c3d1627cc0277c030055bb3525610786567f
parentd18431547f388db1e43c0cbc8a423ea9cc0df3d6 (diff)
downloadqemu-17b55372b509a253abed9d7d4a81772f6067220f.zip
qemu-17b55372b509a253abed9d7d4a81772f6067220f.tar.gz
qemu-17b55372b509a253abed9d7d4a81772f6067220f.tar.bz2
ui/console: fix three double frees in png_save()
The png_destroy_write_struct() function frees all memory used by libpng. Don't use the glib auto cleanup mechanism to free the memory allocated by libpng again. For the pixman image, use only the auto cleanup mechanism and remove the qemu_pixman_image_unref() function call to prevent another double free. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210 Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG") Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r--ui/console.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/ui/console.c b/ui/console.c
index 243f2f6..49da6a9 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -304,8 +304,8 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
{
int width = pixman_image_get_width(image);
int height = pixman_image_get_height(image);
- g_autofree png_struct *png_ptr = NULL;
- g_autofree png_info *info_ptr = NULL;
+ png_struct *png_ptr;
+ png_info *info_ptr;
g_autoptr(pixman_image_t) linebuf =
qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
@@ -346,7 +346,6 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp)
qemu_pixman_linebuf_fill(linebuf, image, width, 0, y);
png_write_row(png_ptr, buf);
}
- qemu_pixman_image_unref(linebuf);
png_write_end(png_ptr, NULL);