authorVladimir Chtchetkine <vchtchetkine@google.com>2011-09-07 10:05:07 -0700
committerVladimir Chtchetkine <vchtchetkine@google.com>2011-09-07 10:05:07 -0700
commit1875d374acc7412b8b0aacaff073c8080d532924 (patch)
treec575e0b1d3c12b16af49d10489c6c1e187cd11d4 /android
parent6e2f6276fabd4be1950f65bfb7fdb3d0e9599648 (diff)
Fix for a _qemudPipe_recvBuffers bug
When filling in qemud buffers in the loop, the current offset in the current qemud buffer (the off_in_buff variable) was not accounted for when calculating the number of bytes to copy from the message to the qemud buffer. This caused data corruption, because the number of bytes copied exceeded the capacity of the qemud buffer. Also, off_in_buff was not reset when switching to the next qemud buffer. Also fixed the _qemud_char_service_connect routine to accept a client parameter string. Change-Id: I2f5a7ca5924c0b79d8755f4777145044567f3e8d
Diffstat (limited to 'android')
-rw-r--r--android/hw-qemud.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/android/hw-qemud.c b/android/hw-qemud.c
index 094421b..b8d912c 100644
--- a/android/hw-qemud.c
+++ b/android/hw-qemud.c
@@ -1987,7 +1987,7 @@ _qemudPipe_recvBuffers(void* opaque, GoldfishPipeBuffer* buffers, int numBuffers
while (buff != endbuff && *msg_list != NULL) {
QemudPipeMessage* msg = *msg_list;
/* Message data fiting the current pipe's buffer. */
- size_t to_copy = min(msg->size - msg->offset, buff->size);
+ size_t to_copy = min(msg->size - msg->offset, buff->size - off_in_buff);
memcpy(buff->data + off_in_buff, msg->message + msg->offset, to_copy);
/* Update offsets. */
off_in_buff += to_copy;
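Review bot: The memcpy bound on the new `to_copy` line now depends on `off_in_buff <= buff->size` holding on every iteration. If these are unsigned sizes (their declarations are outside the hunk), `buff->size - off_in_buff` would wrap to a very large value should that invariant ever break, and the copy would again run past the pipe buffer. The `off_in_buff = 0;` reset added after `buff++` in the next hunk is what keeps it true, so I would state the invariant next to the subtraction, e.g. `assert(off_in_buff <= buff->size);` before the `to_copy` line if assert is usable in this file. The comment above could also be reworded to match the new bound, e.g. `/* Copy no more than what is left in the message and in the current pipe buffer. */`. The loop starts and ends outside this hunk.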
@@ -2001,6 +2001,7 @@ _qemudPipe_recvBuffers(void* opaque, GoldfishPipeBuffer* buffers, int numBuffers
if (off_in_buff == buff->size) {
/* Current pipe buffer is full. Continue with the next one. */
buff++;
+ off_in_buff = 0;
}
}
@@ -2247,10 +2248,13 @@ _qemud_char_service_read( void* opaque, const uint8_t* from, int len )
* data from it.
*/
static QemudClient*
-_qemud_char_service_connect( void* opaque, QemudService* sv, int channel )
+_qemud_char_service_connect(void* opaque,
+ QemudService* sv,
+ int channel,
+ const char* client_param )
{
CharDriverState* cs = opaque;
- QemudClient* c = qemud_client_new( sv, channel, NULL,
+ QemudClient* c = qemud_client_new( sv, channel, client_param,
cs,
_qemud_char_client_recv,
_qemud_char_client_close,
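Review bot: The new `client_param` argument of `_qemud_char_service_connect` is forwarded to `qemud_client_new` without any documentation of its contract, and the comment block above the function is not updated to mention it. Since the old code passed `NULL` in this position, the comment should say whether `client_param` may still be NULL and whether `qemud_client_new` copies the string or keeps the caller's pointer, e.g. `/* client_param: optional (may be NULL) parameter string from the connection request; <ownership as implemented in qemud_client_new>. */`. If the string originates from the guest, which is not visible here, a note that it is untrusted input would help whoever parses it later. The call and the function body continue outside the hunk.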