author | Vladimir Chtchetkine <vchtchetkine@google.com> | 2011-09-07 10:05:07 -0700 |
---|---|---|
committer | Vladimir Chtchetkine <vchtchetkine@google.com> | 2011-09-07 10:05:07 -0700 |
commit | 1875d374acc7412b8b0aacaff073c8080d532924 (patch) | |
tree | c575e0b1d3c12b16af49d10489c6c1e187cd11d4 /android | |
parent | 6e2f6276fabd4be1950f65bfb7fdb3d0e9599648 (diff) | |
Fix for a _qemudPipe_recvBuffers bug
When filling in qemud buffers in the loop, current offset in the current qemud buffer
(off_in_buff variable) has not been accounted for when calculating number of bytes
to copy from the message to qemud buffer. This caused data corruption, because number
of bytes copied has exceeded the capacity of qemud buffer.
Also, off_in_buff has not been reset when switching to the next qemud buffer.
Also fixed _qemud_char_service_connect routine to accept a client parameter string
Change-Id: I2f5a7ca5924c0b79d8755f4777145044567f3e8d
Diffstat (limited to 'android')
-rw-r--r-- | android/hw-qemud.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/android/hw-qemud.c b/android/hw-qemud.c index 094421b..b8d912c 100644 --- a/android/hw-qemud.c +++ b/android/hw-qemud.c @@ -1987,7 +1987,7 @@ _qemudPipe_recvBuffers(void* opaque, GoldfishPipeBuffer* buffers, int numBuffers while (buff != endbuff && *msg_list != NULL) { QemudPipeMessage* msg = *msg_list; /* Message data fiting the current pipe's buffer. */ - size_t to_copy = min(msg->size - msg->offset, buff->size); + size_t to_copy = min(msg->size - msg->offset, buff->size - off_in_buff); memcpy(buff->data + off_in_buff, msg->message + msg->offset, to_copy); /* Update offsets. */ off_in_buff += to_copy; @@ -2001,6 +2001,7 @@ _qemudPipe_recvBuffers(void* opaque, GoldfishPipeBuffer* buffers, int numBuffers if (off_in_buff == buff->size) { /* Current pipe buffer is full. Continue with the next one. */ buff++; + off_in_buff = 0; } } @@ -2247,10 +2248,13 @@ _qemud_char_service_read( void* opaque, const uint8_t* from, int len ) * data from it. */ static QemudClient* -_qemud_char_service_connect( void* opaque, QemudService* sv, int channel ) +_qemud_char_service_connect(void* opaque, + QemudService* sv, + int channel, + const char* client_param ) { CharDriverState* cs = opaque; - QemudClient* c = qemud_client_new( sv, channel, NULL, + QemudClient* c = qemud_client_new( sv, channel, client_param, cs, _qemud_char_client_recv, _qemud_char_client_close, |
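Review bot: in the first hunk of `_qemudPipe_recvBuffers`, the new `buff->size - off_in_buff` is only safe while `off_in_buff` never exceeds `buff->size`, and nothing in the hunk states or checks that. If the operands are unsigned, a violation would wrap to a very large value and `min()` would then pass the full remaining message length to `memcpy`. Suggest asserting `off_in_buff <= buff->size` just before the `to_copy` line, or at least extending the comment above it to name the invariant. The context comment also has a typo ("fiting") that could be fixed while touching this line.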
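Review bot: in the second hunk, the buffer advance still depends on the exact test `off_in_buff == buff->size`, so the added `off_in_buff = 0;` only runs when the offset lands precisely on the buffer's capacity. That holds with the corrected `to_copy`, but the advance and the reset are now two statements that must stay together; consider testing `off_in_buff >= buff->size` as a defensive form and updating the "Continue with the next one" comment to say that the offset restarts at zero. A regression test that splits one message across several pipe buffers, with the first buffer partly filled, would cover both this hunk and the previous one.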
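Review bot: in the `_qemud_char_service_connect` hunk, the new `client_param` argument is not described in the function's header comment, which is left unchanged above the signature. Since it replaces the literal `NULL` previously passed to `qemud_client_new`, the comment should say whether `client_param` may be NULL and whether the callee copies the string or keeps the pointer. The reformatted signature also mixes `(void* opaque,` with the `( sv, channel, ... )` spacing used in the call below it; matching the file's existing style would keep the diff smaller. This change is unrelated to the buffer fix and would be easier to review and revert as its own commit.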