qemu/ui
Stefan Weil 23bfe28fff vnc: Fix stack corruption and other bitmap related bugs
Commit bc2429b917 introduced
a severe bug (stack corruption).

bitmap_clear was called with a wrong argument
which caused out-of-bound writes to the local variable width_mask.

This bug was detected with QEMU running on windows.
It also occurs with wine:

*** stack smashing detected ***:  terminated
wine: Unhandled illegal instruction at address 0x6115c7 (thread 0009), starting debugger...

The bug is not windows specific!

Instead of fixing the wrong parameter value, bitmap_clear(), bitmap_set
and width_mask were removed, and bitmap_intersect() was replaced by
!bitmap_empty(). The new operation is much shorter and equivalent to
the old operations.

The declarations of the dirty bitmaps in vnc.h were also wrong for 64 bit
hosts because of a rounding effect: for these hosts, VNC_MAX_WIDTH is no
longer a multiple of (16 * BITS_PER_LONG), so the rounded value of
VNC_DIRTY_WORDS was too small.

Fix both declarations by using the macro which is designed for this
purpose.

Cc: Corentin Chary <corentincj@iksaif.net>
Cc: Wen Congyang <wency@cn.fujitsu.com>
Cc: Gerhard Wiesinger <lists@wiesinger.com>
Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
2011-03-10 16:12:25 -06:00
..
cocoa.m Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00
curses_keys.h curses: Fix control-{@[\]^_} and ESC 2010-10-21 18:31:28 +02:00
curses.c curses: Fix control-{@[\]^_} and ESC 2010-10-21 18:31:28 +02:00
d3des.c
d3des.h Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00
keymaps.c
keymaps.h
qemu-spice.h spice: add chardev (v5) 2011-01-24 15:41:40 +01:00
sdl_keysym.h
sdl_zoom_template.h
sdl_zoom.c
sdl_zoom.h
sdl.c ui/sdl: Fix handling of caps lock and num lock keys 2011-02-04 06:33:26 -06:00
spice-core.c spice/vnc: client migration. 2011-01-24 15:13:54 +01:00
spice-display.c spice-display: replace private lock with qemu mutex. 2010-11-02 12:43:04 +01:00
spice-display.h spice-display: replace private lock with qemu mutex. 2010-11-02 12:43:04 +01:00
spice-input.c spice: add tablet support 2010-09-21 18:36:43 +02:00
vnc_keysym.h
vnc-auth-sasl.c vnc-auth-sasl: fix a memory leak 2011-01-12 19:48:56 +00:00
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-enc-hextile-template.h
vnc-enc-hextile.c vnc: encapsulate encoding members 2010-07-26 17:36:14 -05:00
vnc-enc-tight.c ui/vnc-enc-tight.c: Fix compile failure if CONFIG_VNC_JPEG not defined 2011-02-24 11:25:38 -06:00
vnc-enc-tight.h vnc: tight add PNG encoding 2010-07-26 17:36:14 -05:00
vnc-enc-zlib.c vnc: encapsulate encoding members 2010-07-26 17:36:14 -05:00
vnc-enc-zrle-template.c vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zrle.c vnc: fix uint8_t comparisons with negative values 2011-02-23 16:28:28 -06:00
vnc-enc-zrle.h vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zywrle-template.c vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zywrle.h vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-jobs-async.c vnc: fix a memory leak in threaded vnc server 2011-02-25 16:04:43 -06:00
vnc-jobs-sync.c vnc: threaded VNC server 2010-07-26 17:36:14 -05:00
vnc-jobs.h vnc: threaded VNC server 2010-07-26 17:36:14 -05:00
vnc-palette.c vnc: palette: and fill and color calls. 2011-02-23 16:28:28 -06:00
vnc-palette.h vnc: palette: and fill and color calls. 2011-02-23 16:28:28 -06:00
vnc-tls.c
vnc-tls.h
vnc.c vnc: Fix stack corruption and other bitmap related bugs 2011-03-10 16:12:25 -06:00
vnc.h vnc: Fix stack corruption and other bitmap related bugs 2011-03-10 16:12:25 -06:00
x_keymap.c
x_keymap.h Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00