diff options
author | Markus Armbruster <armbru@redhat.com> | 2013-01-10 14:24:50 +0100 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2013-01-14 08:59:38 +0100 |
commit | 08688af04dc1137ac2f420b35c235183926b4a23 (patch) | |
tree | c69d3e3b9e8d1ab7a5e0f394c4d91ec51babb03c /hw/qxl.c | |
parent | bc5f92e5db6f303e73387278e32f8669f0abf0e5 (diff) | |
download | qemu-08688af04dc1137ac2f420b35c235183926b4a23.zip qemu-08688af04dc1137ac2f420b35c235183926b4a23.tar.gz qemu-08688af04dc1137ac2f420b35c235183926b4a23.tar.bz2 |
qxl: Don't drop client capability bits
interface_set_client_capabilities() copies only the first few bits,
because it falls into a Classic C trap: you can declare a parameter
uint8_t caps[58], but the resulting parameter type is uint8_t *, not
uint8_t[58]. In particular, sizeof(caps) is sizeof(uint8_t *), not
the intended sizeof(uint8_t[58]).
Harmless, because the bits aren't used, yet. Broken in commit
c10018d6. Spotted by Coverity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/qxl.c')
-rw-r--r-- | hw/qxl.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -951,9 +951,11 @@ static void interface_set_client_capabilities(QXLInstance *sin, } qxl->shadow_rom.client_present = client_present; - memcpy(qxl->shadow_rom.client_capabilities, caps, sizeof(caps)); + memcpy(qxl->shadow_rom.client_capabilities, caps, + sizeof(qxl->shadow_rom.client_capabilities)); qxl->rom->client_present = client_present; - memcpy(qxl->rom->client_capabilities, caps, sizeof(caps)); + memcpy(qxl->rom->client_capabilities, caps, + sizeof(qxl->rom->client_capabilities)); qxl_rom_set_dirty(qxl); qxl_send_events(qxl, QXL_INTERRUPT_CLIENT); |