 Home |
Products |
Support |
Community |
News |
xen-devel
[Xen-devel] [PATCH] qemu-dm drops into infinite loop
| To: | xen-devel@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-devel] [PATCH] qemu-dm drops into infinite loop |
| From: | Kouya SHIMURA <kouya@xxxxxxxxxxxxxx> |
| Date: | Mon, 11 Sep 2006 19:38:35 +0900 |
| Delivery-date: | Mon, 11 Sep 2006 03:39:09 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
Hi,
I encountered the problem that qemu-dm hangs up.
After some investigation, I found qemu-dm drops into infinite loop
in function vnc_client_read() of tools/ioemu/vnc.c.
while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
size_t len = vs->read_handler_expect;
int ret;
ret = vs->read_handler(vs, vs->input.buffer, len);
...
if (!ret) {
...
} else
vs->read_handler_expect = ret;
}
Attached patch prevents qemu-dm from causing the infinite loop.
Thanks
Kouya
Signed-off-by: Kouya Shimura <kouya@xxxxxxxxxxxxxx>
diff -r 7acaba46e15e tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c Fri Sep 08 15:46:54 2006 -0700
+++ b/tools/ioemu/vnc.c Mon Sep 11 19:28:31 2006 +0900
@@ -1016,6 +1016,7 @@ static int protocol_client_msg(VncState
{
int i;
uint16_t limit;
+ size_t cut_len;
switch (data[0]) {
case 0:
@@ -1032,10 +1033,11 @@ static int protocol_client_msg(VncState
if (len == 1)
return 4;
- if (len == 4)
- return 4 + (read_u16(data, 2) * 4);
-
limit = read_u16(data, 2);
+
+ if (len == 4 && limit > 0)
+ return 4 + (limit * 4);
+
for (i = 0; i < limit; i++) {
int32_t val = read_s32(data, 4 + (i * 4));
memcpy(data + 4 + (i * 4), &val, sizeof(val));
@@ -1067,10 +1069,12 @@ static int protocol_client_msg(VncState
if (len == 1)
return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
-
- client_cut_text(vs, read_u32(data, 4), data + 8);
+ cut_len = read_u32(data, 4);
+
+ if (len == 8 && cut_len > 0)
+ return 8 + cut_len;
+
+ client_cut_text(vs, cut_len, data + 8);
break;
default:
printf("Msg: %d\n", data[0]);
_______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Xen-devel] Acquire uuid of user domain X from Dom0, Liran Schour |
|---|---|
| Next by Date: | Re: [Xen-devel] unstable tip not booting on x86-64 with 'domain_crash_sync', Travis Betak |
| Previous by Thread: | [Xen-devel] [PATCH] Show usage message of xm sysrq, Masaki Kanno |
| Next by Thread: | Re: [Xen-devel] [patch] Improve error reporting in XenD, Daniel P. Berrange |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
