From: Marc-André Lureau <marcandre.lur...@redhat.com> Commit 9462ff4695aa0 ("virtio-gpu/win32: allocate shareable 2d resources/images") introduces a division, which can lead to crashes when "height" is 0.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1744 Signed-off-by: Marc-André Lureau <marcandre.lur...@redhat.com> --- hw/display/virtio-gpu.c | 4 ++-- tests/lcitool/libvirt-ci | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 347e17d490..7371a5cbf0 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -324,7 +324,7 @@ static void virtio_gpu_resource_create_2d(VirtIOGPU *g, res->image = pixman_image_create_bits(pformat, c2d.width, c2d.height, - bits, res->hostmem / c2d.height); + bits, c2d.height ? res->hostmem / c2d.height : 0); #ifdef WIN32 if (res->image) { pixman_image_set_destroy_function(res->image, win32_pixman_image_destroy, res->handle); @@ -1292,7 +1292,7 @@ static int virtio_gpu_load(QEMUFile *f, void *opaque, size_t size, #endif res->image = pixman_image_create_bits(pformat, res->width, res->height, - bits, res->hostmem / res->height); + bits, res->height ? res->hostmem / res->height : 0); if (!res->image) { g_free(res); return -EINVAL; diff --git a/tests/lcitool/libvirt-ci b/tests/lcitool/libvirt-ci index b0f44f929a..c8971e90ac 160000 --- a/tests/lcitool/libvirt-ci +++ b/tests/lcitool/libvirt-ci @@ -1 +1 @@ -Subproject commit b0f44f929a81c0a604fb7fbf8afc34d37ab0eae9 +Subproject commit c8971e90ac169ee2b539c747f74d96c876debdf9 -- 2.41.0