From df6322a8973b5e69bdc8931ff79d3bfe3901cab5 Mon Sep 17 00:00:00 2001 From: Cal Peake Date: Thu, 11 Aug 2022 18:01:38 -0400 Subject: ui/console: Get tab completion working again in the SDL monitor vc Define a QEMU special key constant for the tab key and add an entry for it in the qcode_to_keysym table. This allows tab completion to work again in the SDL monitor virtual console, which has been broken ever since the migration from SDL1 to SDL2. Signed-off-by: Cal Peake Message-Id: <7054816e-99c-7e2-6737-7cf98cc56e2@absolutedigital.net> Signed-off-by: Gerd Hoffmann --- ui/console.c | 1 + 1 file changed, 1 insertion(+) (limited to 'ui') diff --git a/ui/console.c b/ui/console.c index 765892f84f..243f2f6e64 100644 --- a/ui/console.c +++ b/ui/console.c @@ -1368,6 +1368,7 @@ static const int qcode_to_keysym[Q_KEY_CODE__MAX] = { [Q_KEY_CODE_PGUP] = QEMU_KEY_PAGEUP, [Q_KEY_CODE_PGDN] = QEMU_KEY_PAGEDOWN, [Q_KEY_CODE_DELETE] = QEMU_KEY_DELETE, + [Q_KEY_CODE_TAB] = QEMU_KEY_TAB, [Q_KEY_CODE_BACKSPACE] = QEMU_KEY_BACKSPACE, }; -- cgit v1.2.3-55-g7522 From bab6a301c58286229ca8fbc36728d1469f243260 Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Fri, 19 Aug 2022 22:27:54 +0900 Subject: ui/cocoa: Run qemu_init in the main thread This work is based on: https://patchew.org/QEMU/20220317125534.38706-1-philippe.mathieu.daude@gmail.com/ Simplify the initialization dance by running qemu_init() in the main thread before the Cocoa event loop starts. The secondary thread only runs only qemu_main_loop() and qemu_cleanup(). This fixes a case where addRemovableDevicesMenuItems() calls qmp_query_block() while expecting the main thread to still hold the BQL. Overriding the code after calling qemu_init() is done by dynamically replacing a function pointer variable, qemu_main when initializing ui/cocoa, which unifies the static implementation of main() for builds with ui/cocoa and ones without ui/cocoa. Signed-off-by: Akihiko Odaki Message-Id: <20220819132756.74641-2-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann --- docs/devel/fuzzing.rst | 4 +- include/qemu-main.h | 3 +- include/sysemu/sysemu.h | 2 +- softmmu/main.c | 10 ++-- softmmu/vl.c | 2 +- tests/qtest/fuzz/fuzz.c | 2 +- ui/cocoa.m | 144 +++++++++++++++++------------------------------- 7 files changed, 62 insertions(+), 105 deletions(-) (limited to 'ui') diff --git a/docs/devel/fuzzing.rst b/docs/devel/fuzzing.rst index 784ecb99e6..715330c856 100644 --- a/docs/devel/fuzzing.rst +++ b/docs/devel/fuzzing.rst @@ -287,8 +287,8 @@ select the fuzz target. Then, the qtest client is initialized. If the target requires qos, qgraph is set up and the QOM/LIBQOS modules are initialized. Then the QGraph is walked and the QEMU cmd_line is determined and saved. -After this, the ``vl.c:qemu_main`` is called to set up the guest. There are -target-specific hooks that can be called before and after qemu_main, for +After this, the ``vl.c:main`` is called to set up the guest. There are +target-specific hooks that can be called before and after main, for additional setup(e.g. PCI setup, or VM snapshotting). ``LLVMFuzzerTestOneInput``: Uses qtest/qos functions to act based on the fuzz diff --git a/include/qemu-main.h b/include/qemu-main.h index 6a3e90d0ad..940960a7db 100644 --- a/include/qemu-main.h +++ b/include/qemu-main.h @@ -5,6 +5,7 @@ #ifndef QEMU_MAIN_H #define QEMU_MAIN_H -int qemu_main(int argc, char **argv, char **envp); +int qemu_default_main(void); +extern int (*qemu_main)(void); #endif /* QEMU_MAIN_H */ diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h index 31aa45160b..6a7a31e64d 100644 --- a/include/sysemu/sysemu.h +++ b/include/sysemu/sysemu.h @@ -102,7 +102,7 @@ void qemu_boot_set(const char *boot_order, Error **errp); bool defaults_enabled(void); -void qemu_init(int argc, char **argv, char **envp); +void qemu_init(int argc, char **argv); int qemu_main_loop(void); void qemu_cleanup(void); diff --git a/softmmu/main.c b/softmmu/main.c index 1b675a8c03..694388bd7f 100644 --- a/softmmu/main.c +++ b/softmmu/main.c @@ -30,20 +30,20 @@ #include #endif -int qemu_main(int argc, char **argv, char **envp) +int qemu_default_main(void) { int status; - qemu_init(argc, argv, envp); status = qemu_main_loop(); qemu_cleanup(); return status; } -#ifndef CONFIG_COCOA +int (*qemu_main)(void) = qemu_default_main; + int main(int argc, char **argv) { - return qemu_main(argc, argv, NULL); + qemu_init(argc, argv); + return qemu_main(); } -#endif diff --git a/softmmu/vl.c b/softmmu/vl.c index e62b9cc35d..9abadcc150 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -2605,7 +2605,7 @@ void qmp_x_exit_preconfig(Error **errp) } } -void qemu_init(int argc, char **argv, char **envp) +void qemu_init(int argc, char **argv) { QemuOpts *opts; QemuOpts *icount_opts = NULL, *accel_opts = NULL; diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index 2b3bc1fb9d..eb7520544b 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c @@ -218,7 +218,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) g_free(pretty_cmd_line); } - qemu_init(result.we_wordc, result.we_wordv, NULL); + qemu_init(result.we_wordc, result.we_wordv); /* re-enable the rcu atfork, which was previously disabled in qemu_init */ rcu_enable_atfork(); diff --git a/ui/cocoa.m b/ui/cocoa.m index 5a8bd5dd84..660d3e0935 100644 --- a/ui/cocoa.m +++ b/ui/cocoa.m @@ -100,13 +100,9 @@ static int cursor_hide = 1; static int left_command_key_enabled = 1; static bool swap_opt_cmd; -static int gArgc; -static char **gArgv; static bool stretch_video; static NSTextField *pauseLabel; -static QemuSemaphore display_init_sem; -static QemuSemaphore app_started_sem; static bool allow_events; static NSInteger cbchangecount = -1; @@ -597,7 +593,7 @@ static CGEventRef handleTapEvent(CGEventTapProxy proxy, CGEventType type, CGEven /* * Don't try to tell QEMU about UI information in the application * startup phase -- we haven't yet registered dcl with the QEMU UI - * layer, and also trying to take the iothread lock would deadlock. + * layer. * When cocoa_display_init() does register the dcl, the UI layer * will call cocoa_switch(), which will call updateUIInfo, so * we don't lose any information here. @@ -790,16 +786,6 @@ static CGEventRef handleTapEvent(CGEventTapProxy proxy, CGEventType type, CGEven - (bool) handleEvent:(NSEvent *)event { - if(!allow_events) { - /* - * Just let OSX have all events that arrive before - * applicationDidFinishLaunching. - * This avoids a deadlock on the iothread lock, which cocoa_display_init() - * will not drop until after the app_started_sem is posted. (In theory - * there should not be any such events, but OSX Catalina now emits some.) - */ - return false; - } return bool_with_iothread_lock(^{ return [self handleEventLocked:event]; }); @@ -1287,8 +1273,6 @@ static CGEventRef handleTapEvent(CGEventTapProxy proxy, CGEventType type, CGEven { COCOA_DEBUG("QemuCocoaAppController: applicationDidFinishLaunching\n"); allow_events = true; - /* Tell cocoa_display_init to proceed */ - qemu_sem_post(&app_started_sem); } - (void)applicationWillTerminate:(NSNotification *)aNotification @@ -1919,92 +1903,45 @@ static void cocoa_clipboard_request(QemuClipboardInfo *info, /* * The startup process for the OSX/Cocoa UI is complicated, because * OSX insists that the UI runs on the initial main thread, and so we - * need to start a second thread which runs the vl.c qemu_main(): - * - * Initial thread: 2nd thread: + * need to start a second thread which runs the qemu_default_main(): * in main(): - * create qemu-main thread - * wait on display_init semaphore - * call qemu_main() - * ... - * in cocoa_display_init(): - * post the display_init semaphore - * wait on app_started semaphore - * create application, menus, etc - * enter OSX run loop - * in applicationDidFinishLaunching: - * post app_started semaphore - * tell main thread to fullscreen if needed - * [...] - * run qemu main-loop - * - * We do this in two stages so that we don't do the creation of the - * GUI application menus and so on for command line options like --help - * where we want to just print text to stdout and exit immediately. + * in cocoa_display_init(): + * assign cocoa_main to qemu_main + * create application, menus, etc + * in cocoa_main(): + * create qemu-main thread + * enter OSX run loop */ static void *call_qemu_main(void *opaque) { int status; - COCOA_DEBUG("Second thread: calling qemu_main()\n"); - status = qemu_main(gArgc, gArgv, *_NSGetEnviron()); - COCOA_DEBUG("Second thread: qemu_main() returned, exiting\n"); + COCOA_DEBUG("Second thread: calling qemu_default_main()\n"); + qemu_mutex_lock_iothread(); + status = qemu_default_main(); + qemu_mutex_unlock_iothread(); + COCOA_DEBUG("Second thread: qemu_default_main() returned, exiting\n"); [cbowner release]; exit(status); } -int main (int argc, char **argv) { +static int cocoa_main() +{ QemuThread thread; - COCOA_DEBUG("Entered main()\n"); - gArgc = argc; - gArgv = argv; - - qemu_sem_init(&display_init_sem, 0); - qemu_sem_init(&app_started_sem, 0); + COCOA_DEBUG("Entered %s()\n", __func__); + qemu_mutex_unlock_iothread(); qemu_thread_create(&thread, "qemu_main", call_qemu_main, NULL, QEMU_THREAD_DETACHED); - COCOA_DEBUG("Main thread: waiting for display_init_sem\n"); - qemu_sem_wait(&display_init_sem); - COCOA_DEBUG("Main thread: initializing app\n"); - - NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; - - // Pull this console process up to being a fully-fledged graphical - // app with a menubar and Dock icon - ProcessSerialNumber psn = { 0, kCurrentProcess }; - TransformProcessType(&psn, kProcessTransformToForegroundApplication); - - [QemuApplication sharedApplication]; - - create_initial_menus(); - - /* - * Create the menu entries which depend on QEMU state (for consoles - * and removeable devices). These make calls back into QEMU functions, - * which is OK because at this point we know that the second thread - * holds the iothread lock and is synchronously waiting for us to - * finish. - */ - add_console_menu_entries(); - addRemovableDevicesMenuItems(); - - // Create an Application controller - QemuCocoaAppController *appController = [[QemuCocoaAppController alloc] init]; - [NSApp setDelegate:appController]; - // Start the main event loop COCOA_DEBUG("Main thread: entering OSX run loop\n"); [NSApp run]; - COCOA_DEBUG("Main thread: left OSX run loop, exiting\n"); + COCOA_DEBUG("Main thread: left OSX run loop, which should never happen\n"); - [appController release]; - [pool release]; - - return 0; + abort(); } @@ -2083,25 +2020,42 @@ static void cocoa_refresh(DisplayChangeListener *dcl) static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) { + NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; + COCOA_DEBUG("qemu_cocoa: cocoa_display_init\n"); - /* Tell main thread to go ahead and create the app and enter the run loop */ - qemu_sem_post(&display_init_sem); - qemu_sem_wait(&app_started_sem); - COCOA_DEBUG("cocoa_display_init: app start completed\n"); + qemu_main = cocoa_main; + + // Pull this console process up to being a fully-fledged graphical + // app with a menubar and Dock icon + ProcessSerialNumber psn = { 0, kCurrentProcess }; + TransformProcessType(&psn, kProcessTransformToForegroundApplication); + + [QemuApplication sharedApplication]; + + create_initial_menus(); + + /* + * Create the menu entries which depend on QEMU state (for consoles + * and removeable devices). These make calls back into QEMU functions, + * which is OK because at this point we know that the second thread + * holds the iothread lock and is synchronously waiting for us to + * finish. + */ + add_console_menu_entries(); + addRemovableDevicesMenuItems(); + + // Create an Application controller + QemuCocoaAppController *controller = [[QemuCocoaAppController alloc] init]; + [NSApp setDelegate:controller]; - QemuCocoaAppController *controller = (QemuCocoaAppController *)[[NSApplication sharedApplication] delegate]; /* if fullscreen mode is to be used */ if (opts->has_full_screen && opts->full_screen) { - dispatch_async(dispatch_get_main_queue(), ^{ - [NSApp activateIgnoringOtherApps: YES]; - [controller toggleFullScreen: nil]; - }); + [NSApp activateIgnoringOtherApps: YES]; + [controller toggleFullScreen: nil]; } if (opts->u.cocoa.has_full_grab && opts->u.cocoa.full_grab) { - dispatch_async(dispatch_get_main_queue(), ^{ - [controller setFullGrab: nil]; - }); + [controller setFullGrab: nil]; } if (opts->has_show_cursor && opts->show_cursor) { @@ -2121,6 +2075,8 @@ static void cocoa_display_init(DisplayState *ds, DisplayOptions *opts) qemu_event_init(&cbevent, false); cbowner = [[QemuCocoaPasteboardTypeOwner alloc] init]; qemu_clipboard_peer_register(&cbpeer); + + [pool release]; } static QemuDisplay qemu_display_cocoa = { -- cgit v1.2.3-55-g7522 From 410840cdb1342751f58a3521f48d5a9faf694c3b Mon Sep 17 00:00:00 2001 From: Marc-André Lureau Date: Mon, 12 Sep 2022 14:24:51 +0400 Subject: ui: add some vdagent related traces This helps debugging clipboard serial sync issues. Signed-off-by: Marc-André Lureau Message-Id: <20220912102455.111765-2-marcandre.lureau@redhat.com> [ kraxel: code style fix ] Signed-off-by: Gerd Hoffmann --- ui/clipboard.c | 11 +++++++++-- ui/trace-events | 5 +++++ ui/vdagent.c | 4 ++++ 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'ui') diff --git a/ui/clipboard.c b/ui/clipboard.c index 9079ef829b..cd5382fcb0 100644 --- a/ui/clipboard.c +++ b/ui/clipboard.c @@ -1,5 +1,6 @@ #include "qemu/osdep.h" #include "ui/clipboard.h" +#include "trace.h" static NotifierList clipboard_notifiers = NOTIFIER_LIST_INITIALIZER(clipboard_notifiers); @@ -43,17 +44,23 @@ void qemu_clipboard_peer_release(QemuClipboardPeer *peer, bool qemu_clipboard_check_serial(QemuClipboardInfo *info, bool client) { + bool ok; + if (!info->has_serial || !cbinfo[info->selection] || !cbinfo[info->selection]->has_serial) { + trace_clipboard_check_serial(-1, -1, true); return true; } if (client) { - return cbinfo[info->selection]->serial >= info->serial; + ok = cbinfo[info->selection]->serial >= info->serial; } else { - return cbinfo[info->selection]->serial > info->serial; + ok = cbinfo[info->selection]->serial > info->serial; } + + trace_clipboard_check_serial(cbinfo[info->selection]->serial, info->serial, ok); + return ok; } void qemu_clipboard_update(QemuClipboardInfo *info) diff --git a/ui/trace-events b/ui/trace-events index a922f00e10..977577fbba 100644 --- a/ui/trace-events +++ b/ui/trace-events @@ -127,15 +127,20 @@ xkeymap_vendor(const char *name) "vendor '%s'" xkeymap_keycodes(const char *name) "keycodes '%s'" xkeymap_keymap(const char *name) "keymap '%s'" +# clipboard.c +clipboard_check_serial(int cur, int recv, bool ok) "cur:%d recv:%d %d" + # vdagent.c vdagent_open(void) "" vdagent_close(void) "" +vdagent_disconnect(void) "" vdagent_send(const char *name) "msg %s" vdagent_send_empty_clipboard(void) "" vdagent_recv_chunk(uint32_t size) "size %d" vdagent_recv_msg(const char *name, uint32_t size) "msg %s, size %d" vdagent_peer_cap(const char *name) "cap %s" vdagent_cb_grab_selection(const char *name) "selection %s" +vdagent_cb_grab_discard(const char *name, int cur, int recv) "selection %s, cur:%d recv:%d" vdagent_cb_grab_type(const char *name) "type %s" vdagent_cb_serial_discard(uint32_t current, uint32_t received) "current=%u, received=%u" diff --git a/ui/vdagent.c b/ui/vdagent.c index a899eed195..58ce7507fd 100644 --- a/ui/vdagent.c +++ b/ui/vdagent.c @@ -533,6 +533,8 @@ static void vdagent_clipboard_recv_grab(VDAgentChardev *vd, uint8_t s, uint32_t info->has_serial = true; info->serial = *(uint32_t *)data; if (info->serial < vd->last_serial[s]) { + trace_vdagent_cb_grab_discard(GET_NAME(sel_name, s), + vd->last_serial[s], info->serial); /* discard lower-ordering guest grab */ return; } @@ -853,6 +855,8 @@ static void vdagent_chr_accept_input(Chardev *chr) static void vdagent_disconnect(VDAgentChardev *vd) { + trace_vdagent_disconnect(); + buffer_reset(&vd->outbuf); vdagent_reset_bufs(vd); vd->caps = 0; -- cgit v1.2.3-55-g7522 From 0e23ae9c657d65049e5ef3a06451b22830964f35 Mon Sep 17 00:00:00 2001 From: Marc-André Lureau Date: Mon, 12 Sep 2022 14:24:52 +0400 Subject: ui/clipboard: fix serial priority The incoming grab event should have a higher serial. See also "vdagent: introduce VD_AGENT_CAP_CLIPBOARD_GRAB_SERIAL": https://gitlab.freedesktop.org/spice/spice-protocol/-/commit/045a6978d6dbbf7046affc5c321fa8177c8cce56 This is only a relevant fix for the -display dbus, only user of that function. Signed-off-by: Marc-André Lureau Message-Id: <20220912102455.111765-3-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann --- ui/clipboard.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ui') diff --git a/ui/clipboard.c b/ui/clipboard.c index cd5382fcb0..3e2d02d549 100644 --- a/ui/clipboard.c +++ b/ui/clipboard.c @@ -54,9 +54,9 @@ bool qemu_clipboard_check_serial(QemuClipboardInfo *info, bool client) } if (client) { - ok = cbinfo[info->selection]->serial >= info->serial; + ok = info->serial >= cbinfo[info->selection]->serial; } else { - ok = cbinfo[info->selection]->serial > info->serial; + ok = info->serial > cbinfo[info->selection]->serial; } trace_clipboard_check_serial(cbinfo[info->selection]->serial, info->serial, ok); -- cgit v1.2.3-55-g7522 From e46d4d684224872b8b5999a51c688ee8fffb4a1b Mon Sep 17 00:00:00 2001 From: Marc-André Lureau Date: Mon, 12 Sep 2022 14:24:53 +0400 Subject: ui/vdagent: always reset the clipboard serial on caps The guest agent doesn't know what is the current serial state. Reset the serial value whenever a new agent connection is established. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2124446 Signed-off-by: Marc-André Lureau Message-Id: <20220912102455.111765-4-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann --- ui/vdagent.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'ui') diff --git a/ui/vdagent.c b/ui/vdagent.c index 58ce7507fd..819e0dc143 100644 --- a/ui/vdagent.c +++ b/ui/vdagent.c @@ -719,8 +719,10 @@ static void vdagent_chr_recv_caps(VDAgentChardev *vd, VDAgentMessage *msg) if (have_mouse(vd) && vd->mouse_hs) { qemu_input_handler_activate(vd->mouse_hs); } + + memset(vd->last_serial, 0, sizeof(vd->last_serial)); + if (have_clipboard(vd) && vd->cbpeer.notifier.notify == NULL) { - memset(vd->last_serial, 0, sizeof(vd->last_serial)); vd->cbpeer.name = "vdagent"; vd->cbpeer.notifier.notify = vdagent_clipboard_notify; vd->cbpeer.request = vdagent_clipboard_request; -- cgit v1.2.3-55-g7522 From 72ce36f77ca6fe8cf9aae5ed28d7c3c865ef887d Mon Sep 17 00:00:00 2001 From: Marc-André Lureau Date: Mon, 12 Sep 2022 14:24:54 +0400 Subject: ui/clipboard: reset the serial state on reset Not only we have to reset the vdagent clipboards serial state, but also the current QEMU clipboards info serial (the value is currently used by qemu_clipboard_check_serial, only used by -display dbus). Signed-off-by: Marc-André Lureau Message-Id: <20220912102455.111765-5-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann --- ui/clipboard.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'ui') diff --git a/ui/clipboard.c b/ui/clipboard.c index 3e2d02d549..3d14bffaf8 100644 --- a/ui/clipboard.c +++ b/ui/clipboard.c @@ -139,7 +139,14 @@ void qemu_clipboard_request(QemuClipboardInfo *info, void qemu_clipboard_reset_serial(void) { QemuClipboardNotify notify = { .type = QEMU_CLIPBOARD_RESET_SERIAL }; + int i; + for (i = 0; i < QEMU_CLIPBOARD_SELECTION__COUNT; i++) { + QemuClipboardInfo *info = qemu_clipboard_info(i); + if (info) { + info->serial = 0; + } + } notifier_list_notify(&clipboard_notifiers, ¬ify); } -- cgit v1.2.3-55-g7522 From d18431547f388db1e43c0cbc8a423ea9cc0df3d6 Mon Sep 17 00:00:00 2001 From: Marc-André Lureau Date: Mon, 12 Sep 2022 14:24:55 +0400 Subject: ui/vdagent: fix serial reset of guest agent In order to reset the guest agent, we send CLOSED & OPENED events. They are correctly received by the guest kernel. However, they might not be noticed by the guest agent process, as the IO task (poll() for example) might be wake up after both CLOSED & OPENED have been processed. Wait until the guest agent is disconnected to re-open our side. Signed-off-by: Marc-André Lureau Message-Id: <20220912102455.111765-6-marcandre.lureau@redhat.com> Signed-off-by: Gerd Hoffmann --- ui/vdagent.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'ui') diff --git a/ui/vdagent.c b/ui/vdagent.c index 819e0dc143..4bf50f0c4d 100644 --- a/ui/vdagent.c +++ b/ui/vdagent.c @@ -471,7 +471,7 @@ static void vdagent_clipboard_reset_serial(VDAgentChardev *vd) /* reopen the agent connection to reset the serial state */ qemu_chr_be_event(chr, CHR_EVENT_CLOSED); - qemu_chr_be_event(chr, CHR_EVENT_OPENED); + /* OPENED again after the guest disconnected, see set_fe_open */ } static void vdagent_clipboard_notify(Notifier *notifier, void *data) @@ -875,6 +875,9 @@ static void vdagent_chr_set_fe_open(struct Chardev *chr, int fe_open) { if (!fe_open) { trace_vdagent_close(); + /* To reset_serial, we CLOSED our side. Make sure the other end knows we + * are ready again. */ + qemu_chr_be_event(chr, CHR_EVENT_OPENED); return; } -- cgit v1.2.3-55-g7522 From 17b55372b509a253abed9d7d4a81772f6067220f Mon Sep 17 00:00:00 2001 From: Volker Rümelin Date: Mon, 19 Sep 2022 08:19:56 +0200 Subject: ui/console: fix three double frees in png_save() The png_destroy_write_struct() function frees all memory used by libpng. Don't use the glib auto cleanup mechanism to free the memory allocated by libpng again. For the pixman image, use only the auto cleanup mechanism and remove the qemu_pixman_image_unref() function call to prevent another double free. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210 Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG") Tested-by: Philippe Mathieu-Daudé Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Volker Rümelin Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de> Signed-off-by: Gerd Hoffmann --- ui/console.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'ui') diff --git a/ui/console.c b/ui/console.c index 243f2f6e64..49da6a91df 100644 --- a/ui/console.c +++ b/ui/console.c @@ -304,8 +304,8 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp) { int width = pixman_image_get_width(image); int height = pixman_image_get_height(image); - g_autofree png_struct *png_ptr = NULL; - g_autofree png_info *info_ptr = NULL; + png_struct *png_ptr; + png_info *info_ptr; g_autoptr(pixman_image_t) linebuf = qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width); uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf); @@ -346,7 +346,6 @@ static bool png_save(int fd, pixman_image_t *image, Error **errp) qemu_pixman_linebuf_fill(linebuf, image, width, 0, y); png_write_row(png_ptr, buf); } - qemu_pixman_image_unref(linebuf); png_write_end(png_ptr, NULL); -- cgit v1.2.3-55-g7522