Hi everyone, here is another patch for a much less significant bug. If your "vc" console width is 0, qemu corrupts the heap (because it writes one character into a screen buffer that's been malloc'ed as size 0). I don't know if this bug ever causes problems in practice --- I picked it up using mcheck() when debugging heap corruption due to various slirp bugs. Anyway, this trivial patch fixes the trivial bug. Feedback on what I can do to get patches like this applied most appreciated!
Thanks, -Ken
diff -burN qemu-snapshot-2006-03-27_23.orig/console.c qemu-snapshot-2006-03-27_23/console.c --- qemu-snapshot-2006-03-27_23.orig/console.c 2006-03-11 07:35:30.000000000 -0800 +++ qemu-snapshot-2006-03-27_23/console.c 2006-04-06 00:25:41.000000000 -0700 @@ -407,7 +407,8 @@ if (s->width < w1) w1 = s->width; - cells = qemu_malloc(s->width * s->total_height * sizeof(TextCell)); + cells = qemu_malloc((s->width * s->total_height + 1) * sizeof(TextCell)); + /* Add one extra in case s->width is 0, so we can still store one character. */ for(y = 0; y < s->total_height; y++) { c = &cells[y * s->width]; if (w1 > 0) {
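Review bot: Adding one spare cell to the `cells = qemu_malloc(...)` allocation stops the overflow the cover letter describes, but it treats the symptom rather than the cause: a console with `s->width == 0` now owns a one-cell buffer that no index of the form `y * s->width + x` with `x < s->width` can legitimately reach, and any other buffer sized from `s->width * s->total_height` elsewhere will disagree with this one by a cell. Consider clamping `s->width` to a minimum of 1 where it is computed (or refusing to create a zero-width console) so that every buffer derived from it is consistent, and adding an explicit bounds check at the site that stores the character instead of relying on slack in the allocation. Two smaller points: the `/* Add one extra in case s->width is 0 ... */` comment should sit above the `qemu_malloc` call it explains rather than after it, and if `width` and `total_height` are plain `int`s the product is formed before `sizeof(TextCell)` widens it, so a very large console could wrap the element count before the size is computed.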
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel