From 51a090991449c7d3c6d428eda18b4f30a36e2c1b Mon Sep 17 00:00:00 2001 From: Gerd Hoffmann Date: Thu, 15 Jan 2015 12:06:16 +0100 Subject: spice: fix coverity reported defect in display code Report: 1. Condition surface, taking false branch 406 if (surface && ssd->surface && 407 surface_width(surface) == pixman_image_get_width(ssd->surface) && 408 surface_height(surface) == pixman_image_get_height(ssd->surface)) { 409 /* no-resize fast path: just swap backing store */ ... 10. alias_transfer: Assigning: ssd->ds = surface. 440 ssd->ds = surface; 11. var_deref_op: Dereferencing null pointer ssd->ds. CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL) 441 ssd->surface = pixman_image_ref(ssd->ds->image); Fix: Move code block dereferencing ssd->ds into the already existing if (ssd->ds) { ... } block. Cc: Paolo Bonzini Signed-off-by: Gerd Hoffmann --- ui/spice-display.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/spice-display.c b/ui/spice-display.c index 8c87212..1644185 100644 --- a/ui/spice-display.c +++ b/ui/spice-display.c @@ -438,9 +438,6 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd, qemu_mutex_lock(&ssd->lock); need_destroy = (ssd->ds != NULL); ssd->ds = surface; - ssd->surface = pixman_image_ref(ssd->ds->image); - ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format, - ssd->ds->image); while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) { QTAILQ_REMOVE(&ssd->updates, update, next); qemu_spice_destroy_update(ssd, update); @@ -450,6 +447,9 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd, qemu_spice_destroy_host_primary(ssd); } if (ssd->ds) { + ssd->surface = pixman_image_ref(ssd->ds->image); + ssd->mirror = qemu_pixman_mirror_create(ssd->ds->format, + ssd->ds->image); qemu_spice_create_host_primary(ssd); } -- cgit v1.1