[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 10/25] ui/console: fix three double frees in png_save()
|
From: |
Gerd Hoffmann |
|
Subject: |
[PULL 10/25] ui/console: fix three double frees in png_save() |
|
Date: |
Mon, 26 Sep 2022 11:54:54 +0200 |
From: Volker Rümelin <vr_qemu@t-online.de>
The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210
Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
ui/console.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/ui/console.c b/ui/console.c
index 243f2f6e64ae..49da6a91df6f 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -304,8 +304,8 @@ static bool png_save(int fd, pixman_image_t *image, Error
**errp)
{
int width = pixman_image_get_width(image);
int height = pixman_image_get_height(image);
- g_autofree png_struct *png_ptr = NULL;
- g_autofree png_info *info_ptr = NULL;
+ png_struct *png_ptr;
+ png_info *info_ptr;
g_autoptr(pixman_image_t) linebuf =
qemu_pixman_linebuf_create(PIXMAN_a8r8g8b8, width);
uint8_t *buf = (uint8_t *)pixman_image_get_data(linebuf);
@@ -346,7 +346,6 @@ static bool png_save(int fd, pixman_image_t *image, Error
**errp)
qemu_pixman_linebuf_fill(linebuf, image, width, 0, y);
png_write_row(png_ptr, buf);
}
- qemu_pixman_image_unref(linebuf);
png_write_end(png_ptr, NULL);
--
2.37.3
- [PULL 00/25] Kraxel 20220926 patches, Gerd Hoffmann, 2022/09/26
- [PULL 01/25] ui/console: Get tab completion working again in the SDL monitor vc, Gerd Hoffmann, 2022/09/26
- [PULL 03/25] Revert "main-loop: Disable block backend global state assertion on Cocoa", Gerd Hoffmann, 2022/09/26
- [PULL 06/25] ui/clipboard: fix serial priority, Gerd Hoffmann, 2022/09/26
- [PULL 04/25] meson: Allow to enable gtk and sdl while cocoa is enabled, Gerd Hoffmann, 2022/09/26
- [PULL 02/25] ui/cocoa: Run qemu_init in the main thread, Gerd Hoffmann, 2022/09/26
- [PULL 05/25] ui: add some vdagent related traces, Gerd Hoffmann, 2022/09/26
- [PULL 07/25] ui/vdagent: always reset the clipboard serial on caps, Gerd Hoffmann, 2022/09/26
- [PULL 08/25] ui/clipboard: reset the serial state on reset, Gerd Hoffmann, 2022/09/26
- [PULL 11/25] hw/usb/hcd-xhci: Check whether DMA accesses fail, Gerd Hoffmann, 2022/09/26
- [PULL 10/25] ui/console: fix three double frees in png_save(),
Gerd Hoffmann <=
- [PULL 13/25] hcd-ohci: Fix inconsistency when resetting ohci root hubs, Gerd Hoffmann, 2022/09/26
- [PULL 12/25] hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero, Gerd Hoffmann, 2022/09/26
- [PULL 15/25] usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert, Gerd Hoffmann, 2022/09/26
- [PULL 09/25] ui/vdagent: fix serial reset of guest agent, Gerd Hoffmann, 2022/09/26
- [PULL 16/25] hcd-xhci: drop operation with secondary stream arrays enabled, Gerd Hoffmann, 2022/09/26
- [PULL 19/25] usbnet: Detect short packets as sent by the xHCI controller, Gerd Hoffmann, 2022/09/26
- [PULL 14/25] usb/msd: move usb_msd_packet_complete(), Gerd Hoffmann, 2022/09/26
- [PULL 17/25] usbnet: Add missing usb_wakeup() call in usbnet_receive(), Gerd Hoffmann, 2022/09/26