From 1bc3117abad28d6465ecdb2c944b22943df0e4f3 Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Fri, 20 Apr 2018 10:48:19 +0200 Subject: vnc: fix use-after-free MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When vnc_client_read() return value is -1 vs is not valid any more. Fixes: d49b87f0d1e0520443a990fc610d0f02bc63c556 Reported-by: Philippe Mathieu-Daudé Signed-off-by: Gerd Hoffmann Reviewed-by: Marc-André Lureau Reviewed-by: Daniel P. Berrangé Reviewed-by: Philippe Mathieu-Daudé Tested-by: Marc-André Lureau Tested-by: Philippe Mathieu-Daudé Message-id: 20180420084820.3873-1-kraxel@redhat.com --- ui/vnc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'ui') diff --git a/ui/vnc.c b/ui/vnc.c index e164eb7..5526e54 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -1539,13 +1539,14 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, VncState *vs = opaque; if (condition & G_IO_IN) { if (vnc_client_read(vs) < 0) { - goto end; + /* vs is free()ed here */ + return TRUE; } } if (condition & G_IO_OUT) { vnc_client_write(vs); } -end: + if (vs->disconnecting) { if (vs->ioc_tag != 0) { g_source_remove(vs->ioc_tag); -- cgit v1.1 From 844fd50dbbcfc9e401895274bf4fb8da8e8d3f64 Mon Sep 17 00:00:00 2001 From: Elie Tournier Date: Fri, 13 Apr 2018 14:58:41 +0100 Subject: sdl: Move DisplayOptions global to sdl2_console Suggested-by: Gerd Hoffmann Signed-off-by: Elie Tournier Message-id: 20180413135842.21325-3-tournier.elie@gmail.com Signed-off-by: Gerd Hoffmann --- ui/sdl2.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'ui') diff --git a/ui/sdl2.c b/ui/sdl2.c index 83b917f..da03724 100644 --- a/ui/sdl2.c +++ b/ui/sdl2.c @@ -32,7 +32,6 @@ static int sdl2_num_outputs; static struct sdl2_console *sdl2_console; -static DisplayOptions *opts; static SDL_Surface *guest_sprite_surface; static int gui_grab; /* if true, all keyboard/mouse events are grabbed */ @@ -566,7 +565,7 @@ static void handle_windowevent(SDL_Event *ev) break; case SDL_WINDOWEVENT_CLOSE: if (qemu_console_is_graphic(scon->dcl.con)) { - if (opts->has_window_close && !opts->window_close) { + if (scon->opts->has_window_close && !scon->opts->window_close) { allow_close = false; } if (allow_close) { @@ -613,7 +612,7 @@ void sdl2_poll_events(struct sdl2_console *scon) handle_textinput(ev); break; case SDL_QUIT: - if (opts->has_window_close && !opts->window_close) { + if (scon->opts->has_window_close && !scon->opts->window_close) { allow_close = false; } if (allow_close) { @@ -770,7 +769,6 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) SDL_SysWMinfo info; assert(o->type == DISPLAY_TYPE_SDL); - opts = o; #ifdef __linux__ /* on Linux, SDL may use fbcon|directfb|svgalib when run without @@ -806,6 +804,7 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) return; } sdl2_console = g_new0(struct sdl2_console, sdl2_num_outputs); + sdl2_console->opts = o; for (i = 0; i < sdl2_num_outputs; i++) { QemuConsole *con = qemu_console_lookup_by_index(i); assert(con != NULL); @@ -846,7 +845,8 @@ static void sdl2_display_init(DisplayState *ds, DisplayOptions *o) g_free(filename); } - if (opts->has_full_screen && opts->full_screen) { + if (sdl2_console->opts->has_full_screen && + sdl2_console->opts->full_screen) { gui_fullscreen = 1; sdl_grab_start(0); } -- cgit v1.1 From 4867e47cb637c6f3549786f1be70793112f96713 Mon Sep 17 00:00:00 2001 From: Elie Tournier Date: Fri, 13 Apr 2018 14:58:42 +0100 Subject: sdl: Allow OpenGL ES context creation Signed-off-by: Elie Tournier Message-id: 20180413135842.21325-4-tournier.elie@gmail.com [ kraxel: fix indent ] Signed-off-by: Gerd Hoffmann --- ui/sdl2-gl.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'ui') diff --git a/ui/sdl2-gl.c b/ui/sdl2-gl.c index c3683e6..83b7185 100644 --- a/ui/sdl2-gl.c +++ b/ui/sdl2-gl.c @@ -140,12 +140,27 @@ QEMUGLContext sdl2_gl_create_context(DisplayChangeListener *dcl, SDL_GL_MakeCurrent(scon->real_window, scon->winctx); SDL_GL_SetAttribute(SDL_GL_SHARE_WITH_CURRENT_CONTEXT, 1); - SDL_GL_SetAttribute(SDL_GL_CONTEXT_PROFILE_MASK, - SDL_GL_CONTEXT_PROFILE_CORE); + if (scon->opts->gl == DISPLAYGL_MODE_ON || + scon->opts->gl == DISPLAYGL_MODE_CORE) { + SDL_GL_SetAttribute(SDL_GL_CONTEXT_PROFILE_MASK, + SDL_GL_CONTEXT_PROFILE_CORE); + } else if (scon->opts->gl == DISPLAYGL_MODE_ES) { + SDL_GL_SetAttribute(SDL_GL_CONTEXT_PROFILE_MASK, + SDL_GL_CONTEXT_PROFILE_ES); + } SDL_GL_SetAttribute(SDL_GL_CONTEXT_MAJOR_VERSION, params->major_ver); SDL_GL_SetAttribute(SDL_GL_CONTEXT_MINOR_VERSION, params->minor_ver); ctx = SDL_GL_CreateContext(scon->real_window); + + /* If SDL fail to create a GL context and we use the "on" flag, + * then try to fallback to GLES. + */ + if (!ctx && scon->opts->gl == DISPLAYGL_MODE_ON) { + SDL_GL_SetAttribute(SDL_GL_CONTEXT_PROFILE_MASK, + SDL_GL_CONTEXT_PROFILE_ES); + ctx = SDL_GL_CreateContext(scon->real_window); + } return (QEMUGLContext)ctx; } -- cgit v1.1 From 7cd0afe69f3330a104b1462c01156dd8525b9bdd Mon Sep 17 00:00:00 2001 From: Tina Zhang Date: Fri, 27 Apr 2018 17:11:05 +0800 Subject: console: introduce dpy_gfx_update_full dpy_gfx_update_full is used to do the whole display surface update. This function is proposed by Gerd Hoffmann. Signed-off-by: Tina Zhang Message-id: 1524820266-27079-2-git-send-email-tina.zhang@intel.com Signed-off-by: Gerd Hoffmann --- ui/console.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'ui') diff --git a/ui/console.c b/ui/console.c index 3fb2f4e..b02510c 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1574,6 +1574,16 @@ void dpy_gfx_update(QemuConsole *con, int x, int y, int w, int h) } } +void dpy_gfx_update_full(QemuConsole *con) +{ + if (!con->surface) { + return; + } + dpy_gfx_update(con, 0, 0, + surface_width(con->surface), + surface_height(con->surface)); +} + void dpy_gfx_replace_surface(QemuConsole *con, DisplaySurface *surface) { -- cgit v1.1