aboutsummaryrefslogtreecommitdiff
path: root/hw/qxl-render.c
diff options
context:
space:
mode:
authorAlon Levy <alevy@redhat.com>2012-04-25 12:13:18 +0300
committerGerd Hoffmann <kraxel@redhat.com>2012-05-03 10:45:04 +0200
commitfae2afb10e3fdceab612c62a2b1e8b944ff578d9 (patch)
tree5bc1cd441b96389182b760df8d89fc9e03297325 /hw/qxl-render.c
parent4b635c59b04cae594f49d9aa45d31b3f318def8f (diff)
qxl: check for NULL return from qxl_phys2virt
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/qxl-render.c')
-rw-r--r--hw/qxl-render.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/hw/qxl-render.c b/hw/qxl-render.c
index f7f1bfda04..e2e3fe2d37 100644
--- a/hw/qxl-render.c
+++ b/hw/qxl-render.c
@@ -228,14 +228,18 @@ fail:
/* called from spice server thread context only */
-void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
+int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
{
QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
QXLCursor *cursor;
QEMUCursor *c;
+ if (!cmd) {
+ return 1;
+ }
+
if (!qxl->ssd.ds->mouse_set || !qxl->ssd.ds->cursor_define) {
- return;
+ return 0;
}
if (qxl->debug > 1 && cmd->type != QXL_CURSOR_MOVE) {
@@ -246,9 +250,12 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
switch (cmd->type) {
case QXL_CURSOR_SET:
cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
+ if (!cursor) {
+ return 1;
+ }
if (cursor->chunk.data_size != cursor->data_size) {
fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__);
- return;
+ return 1;
}
c = qxl_cursor(qxl, cursor);
if (c == NULL) {
@@ -270,4 +277,5 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
qemu_mutex_unlock(&qxl->ssd.lock);
break;
}
+ return 0;
}
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-28 08:47:58 +0000