summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPeter Maydell2020-11-04 23:13:02 +0100
committerPeter Maydell2020-11-04 23:13:02 +0100
commite2766868d45d8c8f8991cfd133e6a0c14abfe577 (patch)
tree5f083618eae1d4872af84cae14188c4fb02188b6
parentMerge remote-tracking branch 'remotes/kraxel/tags/ui-20201104-pull-request' i... (diff)
parentroms/Makefile: Add qboot to .PHONY list (diff)
downloadqemu-e2766868d45d8c8f8991cfd133e6a0c14abfe577.tar.gz
qemu-e2766868d45d8c8f8991cfd133e6a0c14abfe577.tar.xz
qemu-e2766868d45d8c8f8991cfd133e6a0c14abfe577.zip
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20201104-pull-request' into staging
misc bugfixes for 5.2 # gpg: Signature made Wed 04 Nov 2020 15:46:33 GMT # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/fixes-20201104-pull-request: roms/Makefile: Add qboot to .PHONY list ati: check x y display parameter values vnc: fix resource leak when websocket channel error Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r--hw/display/ati_2d.c10
-rw-r--r--roms/Makefile2
-rw-r--r--ui/vnc-auth-sasl.c3
-rw-r--r--ui/vnc-auth-vencrypt.c3
-rw-r--r--ui/vnc-jobs.c3
-rw-r--r--ui/vnc-ws.c20
-rw-r--r--ui/vnc.c24
7 files changed, 47 insertions, 18 deletions
diff --git a/hw/display/ati_2d.c b/hw/display/ati_2d.c
index 23a8ae0cd8..4dc10ea795 100644
--- a/hw/display/ati_2d.c
+++ b/hw/display/ati_2d.c
@@ -75,8 +75,9 @@ void ati_2d_blt(ATIVGAState *s)
dst_stride *= bpp;
}
uint8_t *end = s->vga.vram_ptr + s->vga.vram_size;
- if (dst_bits >= end || dst_bits + dst_x + (dst_y + s->regs.dst_height) *
- dst_stride >= end) {
+ if (dst_x > 0x3fff || dst_y > 0x3fff || dst_bits >= end
+ || dst_bits + dst_x
+ + (dst_y + s->regs.dst_height) * dst_stride >= end) {
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
return;
}
@@ -107,8 +108,9 @@ void ati_2d_blt(ATIVGAState *s)
src_bits += s->regs.crtc_offset & 0x07ffffff;
src_stride *= bpp;
}
- if (src_bits >= end || src_bits + src_x +
- (src_y + s->regs.dst_height) * src_stride >= end) {
+ if (src_x > 0x3fff || src_y > 0x3fff || src_bits >= end
+ || src_bits + src_x
+ + (src_y + s->regs.dst_height) * src_stride >= end) {
qemu_log_mask(LOG_UNIMP, "blt outside vram not implemented\n");
return;
}
diff --git a/roms/Makefile b/roms/Makefile
index 1489d47350..7045e374d3 100644
--- a/roms/Makefile
+++ b/roms/Makefile
@@ -102,7 +102,7 @@ build-seabios-config-%: config.%
OUT=$(CURDIR)/seabios/builds/$*/ all
-.PHONY: sgabios skiboot
+.PHONY: sgabios skiboot qboot
sgabios:
$(MAKE) -C sgabios
cp sgabios/sgabios.bin ../pc-bios
diff --git a/ui/vnc-auth-sasl.c b/ui/vnc-auth-sasl.c
index 0517b2ead9..f67111a366 100644
--- a/ui/vnc-auth-sasl.c
+++ b/ui/vnc-auth-sasl.c
@@ -111,7 +111,8 @@ size_t vnc_client_write_sasl(VncState *vs)
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vnc_client_io, vs, NULL);
}
return ret;
diff --git a/ui/vnc-auth-vencrypt.c b/ui/vnc-auth-vencrypt.c
index f072e16ace..d9c212ff32 100644
--- a/ui/vnc-auth-vencrypt.c
+++ b/ui/vnc-auth-vencrypt.c
@@ -79,7 +79,8 @@ static void vnc_tls_handshake_done(QIOTask *task,
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
+ vnc_client_io, vs, NULL);
start_auth_vencrypt_subauth(vs);
}
}
diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 929391f85d..dbbfbefe56 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -151,7 +151,8 @@ void vnc_jobs_consume_buffer(VncState *vs)
}
if (vs->disconnecting == FALSE) {
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
+ vnc_client_io, vs, NULL);
}
}
buffer_move(&vs->output, &vs->jobs_buffer);
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 95c9703c72..6d79f3e5a5 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -41,13 +41,14 @@ static void vncws_tls_handshake_done(QIOTask *task,
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- QIO_CHANNEL(vs->ioc), G_IO_IN, vncws_handshake_io, vs, NULL);
+ QIO_CHANNEL(vs->ioc), G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vncws_handshake_io, vs, NULL);
}
}
gboolean vncws_tls_handshake_io(QIOChannel *ioc G_GNUC_UNUSED,
- GIOCondition condition G_GNUC_UNUSED,
+ GIOCondition condition,
void *opaque)
{
VncState *vs = opaque;
@@ -59,6 +60,11 @@ gboolean vncws_tls_handshake_io(QIOChannel *ioc G_GNUC_UNUSED,
vs->ioc_tag = 0;
}
+ if (condition & (G_IO_HUP | G_IO_ERR)) {
+ vnc_client_error(vs);
+ return TRUE;
+ }
+
tls = qio_channel_tls_new_server(
vs->ioc,
vs->vd->tlscreds,
@@ -105,13 +111,14 @@ static void vncws_handshake_done(QIOTask *task,
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vnc_client_io, vs, NULL);
}
}
gboolean vncws_handshake_io(QIOChannel *ioc G_GNUC_UNUSED,
- GIOCondition condition G_GNUC_UNUSED,
+ GIOCondition condition,
void *opaque)
{
VncState *vs = opaque;
@@ -122,6 +129,11 @@ gboolean vncws_handshake_io(QIOChannel *ioc G_GNUC_UNUSED,
vs->ioc_tag = 0;
}
+ if (condition & (G_IO_HUP | G_IO_ERR)) {
+ vnc_client_error(vs);
+ return TRUE;
+ }
+
wioc = qio_channel_websock_new_server(vs->ioc);
qio_channel_set_name(QIO_CHANNEL(wioc), "vnc-ws-server-websock");
diff --git a/ui/vnc.c b/ui/vnc.c
index f006aa1afd..49235056f7 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1398,7 +1398,8 @@ static size_t vnc_client_write_plain(VncState *vs)
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vnc_client_io, vs, NULL);
}
return ret;
@@ -1435,7 +1436,8 @@ static void vnc_client_write(VncState *vs)
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vnc_client_io, vs, NULL);
}
vnc_unlock_output(vs);
}
@@ -1551,6 +1553,12 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
VncState *vs = opaque;
assert(vs->magic == VNC_MAGIC);
+
+ if (condition & (G_IO_HUP | G_IO_ERR)) {
+ vnc_disconnect_start(vs);
+ return TRUE;
+ }
+
if (condition & G_IO_IN) {
if (vnc_client_read(vs) < 0) {
/* vs is free()ed here */
@@ -1612,7 +1620,8 @@ void vnc_write(VncState *vs, const void *data, size_t len)
g_source_remove(vs->ioc_tag);
}
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
+ vnc_client_io, vs, NULL);
}
buffer_append(&vs->output, data, len);
@@ -3077,14 +3086,17 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
vs->websocket = 1;
if (vd->tlscreds) {
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vncws_tls_handshake_io, vs, NULL);
} else {
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vncws_handshake_io, vs, NULL);
}
} else {
vs->ioc_tag = qio_channel_add_watch(
- vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
+ vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
+ vnc_client_io, vs, NULL);
}
vnc_client_cache_addr(vs);