From: Gerd Hoffmann Date: Thu, 15 Jan 2015 11:06:16 +0000 (+0100) Subject: spice: fix coverity reported defect in display code X-Git-Tag: v2.3.0-rc0~94^2 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=51a090991449c7d3c6d428eda18b4f30a36e2c1b;p=users%2Fdwmw2%2Fqemu.git spice: fix coverity reported defect in display code Report: 1. Condition surface, taking false branch 406 if (surface && ssd->surface && 407 surface_width(surface) == pixman_image_get_width(ssd->surface) && 408 surface_height(surface) == pixman_image_get_height(ssd->surface)) { 409 /* no-resize fast path: just swap backing store */ ... 10. alias_transfer: Assigning: ssd->ds = surface. 440 ssd->ds = surface; 11. var_deref_op: Dereferencing null pointer ssd->ds. CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL) 441 ssd->surface = pixman_image_ref(ssd->ds->image); Fix: Move code block dereferencing ssd->ds into the already existing if (ssd->ds) { ... } block. Cc: Paolo Bonzini Signed-off-by: Gerd Hoffmann --- diff --git a/ui/spice-display.c b/ui/spice-display.c index 8c872129de..16441852e4 100644 --- a/ui/spice-display.c +++ b/ui/spice-display.c @@ -438,9 +438,6 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd, qemu_mutex_lock(&ssd->lock); need_destroy = (ssd->ds != NULL); ssd->ds = surface; - ssd->surface = pixman_image_ref(ssd->ds->image); - ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format, - ssd->ds->image); while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) { QTAILQ_REMOVE(&ssd->updates, update, next); qemu_spice_destroy_update(ssd, update); @@ -450,6 +447,9 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd, qemu_spice_destroy_host_primary(ssd); } if (ssd->ds) { + ssd->surface = pixman_image_ref(ssd->ds->image); + ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format, + ssd->ds->image); qemu_spice_create_host_primary(ssd); }