authorLee Chee Yang <chee.yang.lee@intel.com>2020-03-11 14:47:35 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-03-19 09:57:50 +0000
commit70686ed9aac23a48a3a825297e2fe4c73b678e9d (patch)
treee71ba84276b025c685886b9fb94d97844dd091fc
parentc6f99b055ef6f47bedea0c1cf040e5fb69523eb9 (diff)
qemu: fix CVE-2019-20382
(From OE-Core rev: dac4545cdf0ab848086da96eac123d0c640cd8b2) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/qemu/qemu.inc1
-rw-r--r--meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch1018
2 files changed, 1019 insertions, 0 deletions
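--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -30,6 +30,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
  file://CVE-2019-15890.patch \
  file://CVE-2019-12068.patch \
  file://CVE-2020-1711.patch \
+ file://CVE-2019-20382.patch \
  "
 UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
 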
diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch
new file mode 100644
index 0000000000..183d100398
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/CVE-2019-20382.patch
@@ -0,0 +1,1018 @@
1From 6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0 Mon Sep 17 00:00:00 2001
2From: Li Qiang <liq3ea@163.com>
3Date: Sat, 31 Aug 2019 08:39:22 -0700
4Subject: [PATCH] vnc: fix memory leak when vnc disconnect
5
6Currently when qemu receives a vnc connect, it creates a 'VncState' to
7represent this connection. In 'vnc_worker_thread_loop' it creates a
8local 'VncState'. The connection 'VcnState' and local 'VncState' exchange
9data in 'vnc_async_encoding_start' and 'vnc_async_encoding_end'.
10In 'zrle_compress_data' it calls 'deflateInit2' to allocate the libz library
11opaque data. The 'VncState' used in 'zrle_compress_data' is the local
12'VncState'. In 'vnc_zrle_clear' it calls 'deflateEnd' to free the libz
13library opaque data. The 'VncState' used in 'vnc_zrle_clear' is the connection
14'VncState'. In currently implementation there will be a memory leak when the
15vnc disconnect. Following is the asan output backtrack:
16
17Direct leak of 29760 byte(s) in 5 object(s) allocated from:
18 0 0xffffa67ef3c3 in __interceptor_calloc (/lib64/libasan.so.4+0xd33c3)
19 1 0xffffa65071cb in g_malloc0 (/lib64/libglib-2.0.so.0+0x571cb)
20 2 0xffffa5e968f7 in deflateInit2_ (/lib64/libz.so.1+0x78f7)
21 3 0xaaaacec58613 in zrle_compress_data ui/vnc-enc-zrle.c:87
22 4 0xaaaacec58613 in zrle_send_framebuffer_update ui/vnc-enc-zrle.c:344
23 5 0xaaaacec34e77 in vnc_send_framebuffer_update ui/vnc.c:919
24 6 0xaaaacec5e023 in vnc_worker_thread_loop ui/vnc-jobs.c:271
25 7 0xaaaacec5e5e7 in vnc_worker_thread ui/vnc-jobs.c:340
26 8 0xaaaacee4d3c3 in qemu_thread_start util/qemu-thread-posix.c:502
27 9 0xffffa544e8bb in start_thread (/lib64/libpthread.so.0+0x78bb)
28 10 0xffffa53965cb in thread_start (/lib64/libc.so.6+0xd55cb)
29
30This is because the opaque allocated in 'deflateInit2' is not freed in
31'deflateEnd'. The reason is that the 'deflateEnd' calls 'deflateStateCheck'
32and in the latter will check whether 's->strm != strm'(libz's data structure).
33This check will be true so in 'deflateEnd' it just return 'Z_STREAM_ERROR' and
34not free the data allocated in 'deflateInit2'.
35
36The reason this happens is that the 'VncState' contains the whole 'VncZrle',
37so when calling 'deflateInit2', the 's->strm' will be the local address.
38So 's->strm != strm' will be true.
39
40To fix this issue, we need to make 'zrle' of 'VncState' to be a pointer.
41Then the connection 'VncState' and local 'VncState' exchange mechanism will
42work as expection. The 'tight' of 'VncState' has the same issue, let's also turn
43it to a pointer.
44
45Reported-by: Ying Fang <fangying1@huawei.com>
46Signed-off-by: Li Qiang <liq3ea@163.com>
47Message-id: 20190831153922.121308-1-liq3ea@163.com
48Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
49
50Upstream-Status: Backport [https://git.qemu.org/?p=qemu.git;a=commit;h=6bf21f3d83e95bcc4ba35a7a07cc6655e8b010b0]
51CVE: CVE-2019-20382
52Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
53
54---
55 ui/vnc-enc-tight.c | 219 +++++++++++++++++++++++++-------------------------
56 ui/vnc-enc-zlib.c | 11 +--
57 ui/vnc-enc-zrle.c | 68 ++++++++--------
58 ui/vnc-enc-zrle.inc.c | 2 +-
59 ui/vnc.c | 28 ++++---
60 ui/vnc.h | 4 +-
61 6 files changed, 170 insertions(+), 162 deletions(-)
62
63diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
64index 9084c22..1e08518 100644
65--- a/ui/vnc-enc-tight.c
66+++ b/ui/vnc-enc-tight.c
67@@ -116,7 +116,7 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
68
69 static bool tight_can_send_png_rect(VncState *vs, int w, int h)
70 {
71- if (vs->tight.type != VNC_ENCODING_TIGHT_PNG) {
72+ if (vs->tight->type != VNC_ENCODING_TIGHT_PNG) {
73 return false;
74 }
75
76@@ -144,7 +144,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h)
77 int pixels = 0;
78 int pix, left[3];
79 unsigned int errors;
80- unsigned char *buf = vs->tight.tight.buffer;
81+ unsigned char *buf = vs->tight->tight.buffer;
82
83 /*
84 * If client is big-endian, color samples begin from the second
85@@ -215,7 +215,7 @@ tight_detect_smooth_image24(VncState *vs, int w, int h)
86 int pixels = 0; \
87 int sample, sum, left[3]; \
88 unsigned int errors; \
89- unsigned char *buf = vs->tight.tight.buffer; \
90+ unsigned char *buf = vs->tight->tight.buffer; \
91 \
92 endian = 0; /* FIXME */ \
93 \
94@@ -296,8 +296,8 @@ static int
95 tight_detect_smooth_image(VncState *vs, int w, int h)
96 {
97 unsigned int errors;
98- int compression = vs->tight.compression;
99- int quality = vs->tight.quality;
100+ int compression = vs->tight->compression;
101+ int quality = vs->tight->quality;
102
103 if (!vs->vd->lossy) {
104 return 0;
105@@ -309,7 +309,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
106 return 0;
107 }
108
109- if (vs->tight.quality != (uint8_t)-1) {
110+ if (vs->tight->quality != (uint8_t)-1) {
111 if (w * h < VNC_TIGHT_JPEG_MIN_RECT_SIZE) {
112 return 0;
113 }
114@@ -320,9 +320,9 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
115 }
116
117 if (vs->client_pf.bytes_per_pixel == 4) {
118- if (vs->tight.pixel24) {
119+ if (vs->tight->pixel24) {
120 errors = tight_detect_smooth_image24(vs, w, h);
121- if (vs->tight.quality != (uint8_t)-1) {
122+ if (vs->tight->quality != (uint8_t)-1) {
123 return (errors < tight_conf[quality].jpeg_threshold24);
124 }
125 return (errors < tight_conf[compression].gradient_threshold24);
126@@ -352,7 +352,7 @@ tight_detect_smooth_image(VncState *vs, int w, int h)
127 uint##bpp##_t c0, c1, ci; \
128 int i, n0, n1; \
129 \
130- data = (uint##bpp##_t *)vs->tight.tight.buffer; \
131+ data = (uint##bpp##_t *)vs->tight->tight.buffer; \
132 \
133 c0 = data[0]; \
134 i = 1; \
135@@ -423,9 +423,9 @@ static int tight_fill_palette(VncState *vs, int x, int y,
136 {
137 int max;
138
139- max = count / tight_conf[vs->tight.compression].idx_max_colors_divisor;
140+ max = count / tight_conf[vs->tight->compression].idx_max_colors_divisor;
141 if (max < 2 &&
142- count >= tight_conf[vs->tight.compression].mono_min_rect_size) {
143+ count >= tight_conf[vs->tight->compression].mono_min_rect_size) {
144 max = 2;
145 }
146 if (max >= 256) {
147@@ -558,7 +558,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
148 int x, y, c;
149
150 buf32 = (uint32_t *)buf;
151- memset(vs->tight.gradient.buffer, 0, w * 3 * sizeof(int));
152+ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int));
153
154 if (1 /* FIXME */) {
155 shift[0] = vs->client_pf.rshift;
156@@ -575,7 +575,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
157 upper[c] = 0;
158 here[c] = 0;
159 }
160- prev = (int *)vs->tight.gradient.buffer;
161+ prev = (int *)vs->tight->gradient.buffer;
162 for (x = 0; x < w; x++) {
163 pix32 = *buf32++;
164 for (c = 0; c < 3; c++) {
165@@ -615,7 +615,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
166 int prediction; \
167 int x, y, c; \
168 \
169- memset (vs->tight.gradient.buffer, 0, w * 3 * sizeof(int)); \
170+ memset(vs->tight->gradient.buffer, 0, w * 3 * sizeof(int)); \
171 \
172 endian = 0; /* FIXME */ \
173 \
174@@ -631,7 +631,7 @@ tight_filter_gradient24(VncState *vs, uint8_t *buf, int w, int h)
175 upper[c] = 0; \
176 here[c] = 0; \
177 } \
178- prev = (int *)vs->tight.gradient.buffer; \
179+ prev = (int *)vs->tight->gradient.buffer; \
180 for (x = 0; x < w; x++) { \
181 pix = *buf; \
182 if (endian) { \
183@@ -785,7 +785,7 @@ static void extend_solid_area(VncState *vs, int x, int y, int w, int h,
184 static int tight_init_stream(VncState *vs, int stream_id,
185 int level, int strategy)
186 {
187- z_streamp zstream = &vs->tight.stream[stream_id];
188+ z_streamp zstream = &vs->tight->stream[stream_id];
189
190 if (zstream->opaque == NULL) {
191 int err;
192@@ -803,15 +803,15 @@ static int tight_init_stream(VncState *vs, int stream_id,
193 return -1;
194 }
195
196- vs->tight.levels[stream_id] = level;
197+ vs->tight->levels[stream_id] = level;
198 zstream->opaque = vs;
199 }
200
201- if (vs->tight.levels[stream_id] != level) {
202+ if (vs->tight->levels[stream_id] != level) {
203 if (deflateParams(zstream, level, strategy) != Z_OK) {
204 return -1;
205 }
206- vs->tight.levels[stream_id] = level;
207+ vs->tight->levels[stream_id] = level;
208 }
209 return 0;
210 }
211@@ -839,11 +839,11 @@ static void tight_send_compact_size(VncState *vs, size_t len)
212 static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
213 int level, int strategy)
214 {
215- z_streamp zstream = &vs->tight.stream[stream_id];
216+ z_streamp zstream = &vs->tight->stream[stream_id];
217 int previous_out;
218
219 if (bytes < VNC_TIGHT_MIN_TO_COMPRESS) {
220- vnc_write(vs, vs->tight.tight.buffer, vs->tight.tight.offset);
221+ vnc_write(vs, vs->tight->tight.buffer, vs->tight->tight.offset);
222 return bytes;
223 }
224
225@@ -852,13 +852,13 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
226 }
227
228 /* reserve memory in output buffer */
229- buffer_reserve(&vs->tight.zlib, bytes + 64);
230+ buffer_reserve(&vs->tight->zlib, bytes + 64);
231
232 /* set pointers */
233- zstream->next_in = vs->tight.tight.buffer;
234- zstream->avail_in = vs->tight.tight.offset;
235- zstream->next_out = vs->tight.zlib.buffer + vs->tight.zlib.offset;
236- zstream->avail_out = vs->tight.zlib.capacity - vs->tight.zlib.offset;
237+ zstream->next_in = vs->tight->tight.buffer;
238+ zstream->avail_in = vs->tight->tight.offset;
239+ zstream->next_out = vs->tight->zlib.buffer + vs->tight->zlib.offset;
240+ zstream->avail_out = vs->tight->zlib.capacity - vs->tight->zlib.offset;
241 previous_out = zstream->avail_out;
242 zstream->data_type = Z_BINARY;
243
244@@ -868,14 +868,14 @@ static int tight_compress_data(VncState *vs, int stream_id, size_t bytes,
245 return -1;
246 }
247
248- vs->tight.zlib.offset = vs->tight.zlib.capacity - zstream->avail_out;
249+ vs->tight->zlib.offset = vs->tight->zlib.capacity - zstream->avail_out;
250 /* ...how much data has actually been produced by deflate() */
251 bytes = previous_out - zstream->avail_out;
252
253 tight_send_compact_size(vs, bytes);
254- vnc_write(vs, vs->tight.zlib.buffer, bytes);
255+ vnc_write(vs, vs->tight->zlib.buffer, bytes);
256
257- buffer_reset(&vs->tight.zlib);
258+ buffer_reset(&vs->tight->zlib);
259
260 return bytes;
261 }
262@@ -927,16 +927,17 @@ static int send_full_color_rect(VncState *vs, int x, int y, int w, int h)
263
264 vnc_write_u8(vs, stream << 4); /* no flushing, no filter */
265
266- if (vs->tight.pixel24) {
267- tight_pack24(vs, vs->tight.tight.buffer, w * h, &vs->tight.tight.offset);
268+ if (vs->tight->pixel24) {
269+ tight_pack24(vs, vs->tight->tight.buffer, w * h,
270+ &vs->tight->tight.offset);
271 bytes = 3;
272 } else {
273 bytes = vs->client_pf.bytes_per_pixel;
274 }
275
276 bytes = tight_compress_data(vs, stream, w * h * bytes,
277- tight_conf[vs->tight.compression].raw_zlib_level,
278- Z_DEFAULT_STRATEGY);
279+ tight_conf[vs->tight->compression].raw_zlib_level,
280+ Z_DEFAULT_STRATEGY);
281
282 return (bytes >= 0);
283 }
284@@ -947,14 +948,14 @@ static int send_solid_rect(VncState *vs)
285
286 vnc_write_u8(vs, VNC_TIGHT_FILL << 4); /* no flushing, no filter */
287
288- if (vs->tight.pixel24) {
289- tight_pack24(vs, vs->tight.tight.buffer, 1, &vs->tight.tight.offset);
290+ if (vs->tight->pixel24) {
291+ tight_pack24(vs, vs->tight->tight.buffer, 1, &vs->tight->tight.offset);
292 bytes = 3;
293 } else {
294 bytes = vs->client_pf.bytes_per_pixel;
295 }
296
297- vnc_write(vs, vs->tight.tight.buffer, bytes);
298+ vnc_write(vs, vs->tight->tight.buffer, bytes);
299 return 1;
300 }
301
302@@ -963,7 +964,7 @@ static int send_mono_rect(VncState *vs, int x, int y,
303 {
304 ssize_t bytes;
305 int stream = 1;
306- int level = tight_conf[vs->tight.compression].mono_zlib_level;
307+ int level = tight_conf[vs->tight->compression].mono_zlib_level;
308
309 #ifdef CONFIG_VNC_PNG
310 if (tight_can_send_png_rect(vs, w, h)) {
311@@ -991,26 +992,26 @@ static int send_mono_rect(VncState *vs, int x, int y,
312 uint32_t buf[2] = {bg, fg};
313 size_t ret = sizeof (buf);
314
315- if (vs->tight.pixel24) {
316+ if (vs->tight->pixel24) {
317 tight_pack24(vs, (unsigned char*)buf, 2, &ret);
318 }
319 vnc_write(vs, buf, ret);
320
321- tight_encode_mono_rect32(vs->tight.tight.buffer, w, h, bg, fg);
322+ tight_encode_mono_rect32(vs->tight->tight.buffer, w, h, bg, fg);
323 break;
324 }
325 case 2:
326 vnc_write(vs, &bg, 2);
327 vnc_write(vs, &fg, 2);
328- tight_encode_mono_rect16(vs->tight.tight.buffer, w, h, bg, fg);
329+ tight_encode_mono_rect16(vs->tight->tight.buffer, w, h, bg, fg);
330 break;
331 default:
332 vnc_write_u8(vs, bg);
333 vnc_write_u8(vs, fg);
334- tight_encode_mono_rect8(vs->tight.tight.buffer, w, h, bg, fg);
335+ tight_encode_mono_rect8(vs->tight->tight.buffer, w, h, bg, fg);
336 break;
337 }
338- vs->tight.tight.offset = bytes;
339+ vs->tight->tight.offset = bytes;
340
341 bytes = tight_compress_data(vs, stream, bytes, level, Z_DEFAULT_STRATEGY);
342 return (bytes >= 0);
343@@ -1040,7 +1041,7 @@ static void write_palette(int idx, uint32_t color, void *opaque)
344 static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h)
345 {
346 int stream = 3;
347- int level = tight_conf[vs->tight.compression].gradient_zlib_level;
348+ int level = tight_conf[vs->tight->compression].gradient_zlib_level;
349 ssize_t bytes;
350
351 if (vs->client_pf.bytes_per_pixel == 1) {
352@@ -1050,23 +1051,23 @@ static bool send_gradient_rect(VncState *vs, int x, int y, int w, int h)
353 vnc_write_u8(vs, (stream | VNC_TIGHT_EXPLICIT_FILTER) << 4);
354 vnc_write_u8(vs, VNC_TIGHT_FILTER_GRADIENT);
355
356- buffer_reserve(&vs->tight.gradient, w * 3 * sizeof (int));
357+ buffer_reserve(&vs->tight->gradient, w * 3 * sizeof(int));
358
359- if (vs->tight.pixel24) {
360- tight_filter_gradient24(vs, vs->tight.tight.buffer, w, h);
361+ if (vs->tight->pixel24) {
362+ tight_filter_gradient24(vs, vs->tight->tight.buffer, w, h);
363 bytes = 3;
364 } else if (vs->client_pf.bytes_per_pixel == 4) {
365- tight_filter_gradient32(vs, (uint32_t *)vs->tight.tight.buffer, w, h);
366+ tight_filter_gradient32(vs, (uint32_t *)vs->tight->tight.buffer, w, h);
367 bytes = 4;
368 } else {
369- tight_filter_gradient16(vs, (uint16_t *)vs->tight.tight.buffer, w, h);
370+ tight_filter_gradient16(vs, (uint16_t *)vs->tight->tight.buffer, w, h);
371 bytes = 2;
372 }
373
374- buffer_reset(&vs->tight.gradient);
375+ buffer_reset(&vs->tight->gradient);
376
377 bytes = w * h * bytes;
378- vs->tight.tight.offset = bytes;
379+ vs->tight->tight.offset = bytes;
380
381 bytes = tight_compress_data(vs, stream, bytes,
382 level, Z_FILTERED);
383@@ -1077,7 +1078,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
384 int w, int h, VncPalette *palette)
385 {
386 int stream = 2;
387- int level = tight_conf[vs->tight.compression].idx_zlib_level;
388+ int level = tight_conf[vs->tight->compression].idx_zlib_level;
389 int colors;
390 ssize_t bytes;
391
392@@ -1104,12 +1105,12 @@ static int send_palette_rect(VncState *vs, int x, int y,
393 palette_iter(palette, write_palette, &priv);
394 vnc_write(vs, header, sizeof(header));
395
396- if (vs->tight.pixel24) {
397+ if (vs->tight->pixel24) {
398 tight_pack24(vs, vs->output.buffer + old_offset, colors, &offset);
399 vs->output.offset = old_offset + offset;
400 }
401
402- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette);
403+ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h, palette);
404 break;
405 }
406 case 2:
407@@ -1119,7 +1120,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
408
409 palette_iter(palette, write_palette, &priv);
410 vnc_write(vs, header, sizeof(header));
411- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette);
412+ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h, palette);
413 break;
414 }
415 default:
416@@ -1127,7 +1128,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
417 break;
418 }
419 bytes = w * h;
420- vs->tight.tight.offset = bytes;
421+ vs->tight->tight.offset = bytes;
422
423 bytes = tight_compress_data(vs, stream, bytes,
424 level, Z_DEFAULT_STRATEGY);
425@@ -1146,7 +1147,7 @@ static int send_palette_rect(VncState *vs, int x, int y,
426 static void jpeg_init_destination(j_compress_ptr cinfo)
427 {
428 VncState *vs = cinfo->client_data;
429- Buffer *buffer = &vs->tight.jpeg;
430+ Buffer *buffer = &vs->tight->jpeg;
431
432 cinfo->dest->next_output_byte = (JOCTET *)buffer->buffer + buffer->offset;
433 cinfo->dest->free_in_buffer = (size_t)(buffer->capacity - buffer->offset);
434@@ -1156,7 +1157,7 @@ static void jpeg_init_destination(j_compress_ptr cinfo)
435 static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo)
436 {
437 VncState *vs = cinfo->client_data;
438- Buffer *buffer = &vs->tight.jpeg;
439+ Buffer *buffer = &vs->tight->jpeg;
440
441 buffer->offset = buffer->capacity;
442 buffer_reserve(buffer, 2048);
443@@ -1168,7 +1169,7 @@ static boolean jpeg_empty_output_buffer(j_compress_ptr cinfo)
444 static void jpeg_term_destination(j_compress_ptr cinfo)
445 {
446 VncState *vs = cinfo->client_data;
447- Buffer *buffer = &vs->tight.jpeg;
448+ Buffer *buffer = &vs->tight->jpeg;
449
450 buffer->offset = buffer->capacity - cinfo->dest->free_in_buffer;
451 }
452@@ -1187,7 +1188,7 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality)
453 return send_full_color_rect(vs, x, y, w, h);
454 }
455
456- buffer_reserve(&vs->tight.jpeg, 2048);
457+ buffer_reserve(&vs->tight->jpeg, 2048);
458
459 cinfo.err = jpeg_std_error(&jerr);
460 jpeg_create_compress(&cinfo);
461@@ -1222,9 +1223,9 @@ static int send_jpeg_rect(VncState *vs, int x, int y, int w, int h, int quality)
462
463 vnc_write_u8(vs, VNC_TIGHT_JPEG << 4);
464
465- tight_send_compact_size(vs, vs->tight.jpeg.offset);
466- vnc_write(vs, vs->tight.jpeg.buffer, vs->tight.jpeg.offset);
467- buffer_reset(&vs->tight.jpeg);
468+ tight_send_compact_size(vs, vs->tight->jpeg.offset);
469+ vnc_write(vs, vs->tight->jpeg.buffer, vs->tight->jpeg.offset);
470+ buffer_reset(&vs->tight->jpeg);
471
472 return 1;
473 }
474@@ -1240,7 +1241,7 @@ static void write_png_palette(int idx, uint32_t pix, void *opaque)
475 VncState *vs = priv->vs;
476 png_colorp color = &priv->png_palette[idx];
477
478- if (vs->tight.pixel24)
479+ if (vs->tight->pixel24)
480 {
481 color->red = (pix >> vs->client_pf.rshift) & vs->client_pf.rmax;
482 color->green = (pix >> vs->client_pf.gshift) & vs->client_pf.gmax;
483@@ -1267,10 +1268,10 @@ static void png_write_data(png_structp png_ptr, png_bytep data,
484 {
485 VncState *vs = png_get_io_ptr(png_ptr);
486
487- buffer_reserve(&vs->tight.png, vs->tight.png.offset + length);
488- memcpy(vs->tight.png.buffer + vs->tight.png.offset, data, length);
489+ buffer_reserve(&vs->tight->png, vs->tight->png.offset + length);
490+ memcpy(vs->tight->png.buffer + vs->tight->png.offset, data, length);
491
492- vs->tight.png.offset += length;
493+ vs->tight->png.offset += length;
494 }
495
496 static void png_flush_data(png_structp png_ptr)
497@@ -1295,8 +1296,8 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
498 png_infop info_ptr;
499 png_colorp png_palette = NULL;
500 pixman_image_t *linebuf;
501- int level = tight_png_conf[vs->tight.compression].png_zlib_level;
502- int filters = tight_png_conf[vs->tight.compression].png_filters;
503+ int level = tight_png_conf[vs->tight->compression].png_zlib_level;
504+ int filters = tight_png_conf[vs->tight->compression].png_filters;
505 uint8_t *buf;
506 int dy;
507
508@@ -1340,21 +1341,23 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
509 png_set_PLTE(png_ptr, info_ptr, png_palette, palette_size(palette));
510
511 if (vs->client_pf.bytes_per_pixel == 4) {
512- tight_encode_indexed_rect32(vs->tight.tight.buffer, w * h, palette);
513+ tight_encode_indexed_rect32(vs->tight->tight.buffer, w * h,
514+ palette);
515 } else {
516- tight_encode_indexed_rect16(vs->tight.tight.buffer, w * h, palette);
517+ tight_encode_indexed_rect16(vs->tight->tight.buffer, w * h,
518+ palette);
519 }
520 }
521
522 png_write_info(png_ptr, info_ptr);
523
524- buffer_reserve(&vs->tight.png, 2048);
525+ buffer_reserve(&vs->tight->png, 2048);
526 linebuf = qemu_pixman_linebuf_create(PIXMAN_BE_r8g8b8, w);
527 buf = (uint8_t *)pixman_image_get_data(linebuf);
528 for (dy = 0; dy < h; dy++)
529 {
530 if (color_type == PNG_COLOR_TYPE_PALETTE) {
531- memcpy(buf, vs->tight.tight.buffer + (dy * w), w);
532+ memcpy(buf, vs->tight->tight.buffer + (dy * w), w);
533 } else {
534 qemu_pixman_linebuf_fill(linebuf, vs->vd->server, w, x, y + dy);
535 }
536@@ -1372,27 +1375,27 @@ static int send_png_rect(VncState *vs, int x, int y, int w, int h,
537
538 vnc_write_u8(vs, VNC_TIGHT_PNG << 4);
539
540- tight_send_compact_size(vs, vs->tight.png.offset);
541- vnc_write(vs, vs->tight.png.buffer, vs->tight.png.offset);
542- buffer_reset(&vs->tight.png);
543+ tight_send_compact_size(vs, vs->tight->png.offset);
544+ vnc_write(vs, vs->tight->png.buffer, vs->tight->png.offset);
545+ buffer_reset(&vs->tight->png);
546 return 1;
547 }
548 #endif /* CONFIG_VNC_PNG */
549
550 static void vnc_tight_start(VncState *vs)
551 {
552- buffer_reset(&vs->tight.tight);
553+ buffer_reset(&vs->tight->tight);
554
555 // make the output buffer be the zlib buffer, so we can compress it later
556- vs->tight.tmp = vs->output;
557- vs->output = vs->tight.tight;
558+ vs->tight->tmp = vs->output;
559+ vs->output = vs->tight->tight;
560 }
561
562 static void vnc_tight_stop(VncState *vs)
563 {
564 // switch back to normal output/zlib buffers
565- vs->tight.tight = vs->output;
566- vs->output = vs->tight.tmp;
567+ vs->tight->tight = vs->output;
568+ vs->output = vs->tight->tmp;
569 }
570
571 static int send_sub_rect_nojpeg(VncState *vs, int x, int y, int w, int h,
572@@ -1426,9 +1429,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h,
573 int ret;
574
575 if (colors == 0) {
576- if (force || (tight_jpeg_conf[vs->tight.quality].jpeg_full &&
577+ if (force || (tight_jpeg_conf[vs->tight->quality].jpeg_full &&
578 tight_detect_smooth_image(vs, w, h))) {
579- int quality = tight_conf[vs->tight.quality].jpeg_quality;
580+ int quality = tight_conf[vs->tight->quality].jpeg_quality;
581
582 ret = send_jpeg_rect(vs, x, y, w, h, quality);
583 } else {
584@@ -1440,9 +1443,9 @@ static int send_sub_rect_jpeg(VncState *vs, int x, int y, int w, int h,
585 ret = send_mono_rect(vs, x, y, w, h, bg, fg);
586 } else if (colors <= 256) {
587 if (force || (colors > 96 &&
588- tight_jpeg_conf[vs->tight.quality].jpeg_idx &&
589+ tight_jpeg_conf[vs->tight->quality].jpeg_idx &&
590 tight_detect_smooth_image(vs, w, h))) {
591- int quality = tight_conf[vs->tight.quality].jpeg_quality;
592+ int quality = tight_conf[vs->tight->quality].jpeg_quality;
593
594 ret = send_jpeg_rect(vs, x, y, w, h, quality);
595 } else {
596@@ -1480,20 +1483,20 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
597 qemu_thread_atexit_add(&vnc_tight_cleanup_notifier);
598 }
599
600- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type);
601+ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type);
602
603 vnc_tight_start(vs);
604 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
605 vnc_tight_stop(vs);
606
607 #ifdef CONFIG_VNC_JPEG
608- if (!vs->vd->non_adaptive && vs->tight.quality != (uint8_t)-1) {
609+ if (!vs->vd->non_adaptive && vs->tight->quality != (uint8_t)-1) {
610 double freq = vnc_update_freq(vs, x, y, w, h);
611
612- if (freq < tight_jpeg_conf[vs->tight.quality].jpeg_freq_min) {
613+ if (freq < tight_jpeg_conf[vs->tight->quality].jpeg_freq_min) {
614 allow_jpeg = false;
615 }
616- if (freq >= tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) {
617+ if (freq >= tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) {
618 force_jpeg = true;
619 vnc_sent_lossy_rect(vs, x, y, w, h);
620 }
621@@ -1503,7 +1506,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
622 colors = tight_fill_palette(vs, x, y, w * h, &bg, &fg, color_count_palette);
623
624 #ifdef CONFIG_VNC_JPEG
625- if (allow_jpeg && vs->tight.quality != (uint8_t)-1) {
626+ if (allow_jpeg && vs->tight->quality != (uint8_t)-1) {
627 ret = send_sub_rect_jpeg(vs, x, y, w, h, bg, fg, colors,
628 color_count_palette, force_jpeg);
629 } else {
630@@ -1520,7 +1523,7 @@ static int send_sub_rect(VncState *vs, int x, int y, int w, int h)
631
632 static int send_sub_rect_solid(VncState *vs, int x, int y, int w, int h)
633 {
634- vnc_framebuffer_update(vs, x, y, w, h, vs->tight.type);
635+ vnc_framebuffer_update(vs, x, y, w, h, vs->tight->type);
636
637 vnc_tight_start(vs);
638 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
639@@ -1538,8 +1541,8 @@ static int send_rect_simple(VncState *vs, int x, int y, int w, int h,
640 int rw, rh;
641 int n = 0;
642
643- max_size = tight_conf[vs->tight.compression].max_rect_size;
644- max_width = tight_conf[vs->tight.compression].max_rect_width;
645+ max_size = tight_conf[vs->tight->compression].max_rect_size;
646+ max_width = tight_conf[vs->tight->compression].max_rect_width;
647
648 if (split && (w > max_width || w * h > max_size)) {
649 max_sub_width = (w > max_width) ? max_width : w;
650@@ -1648,16 +1651,16 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
651
652 if (vs->client_pf.bytes_per_pixel == 4 && vs->client_pf.rmax == 0xFF &&
653 vs->client_pf.bmax == 0xFF && vs->client_pf.gmax == 0xFF) {
654- vs->tight.pixel24 = true;
655+ vs->tight->pixel24 = true;
656 } else {
657- vs->tight.pixel24 = false;
658+ vs->tight->pixel24 = false;
659 }
660
661 #ifdef CONFIG_VNC_JPEG
662- if (vs->tight.quality != (uint8_t)-1) {
663+ if (vs->tight->quality != (uint8_t)-1) {
664 double freq = vnc_update_freq(vs, x, y, w, h);
665
666- if (freq > tight_jpeg_conf[vs->tight.quality].jpeg_freq_threshold) {
667+ if (freq > tight_jpeg_conf[vs->tight->quality].jpeg_freq_threshold) {
668 return send_rect_simple(vs, x, y, w, h, false);
669 }
670 }
671@@ -1669,8 +1672,8 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
672
673 /* Calculate maximum number of rows in one non-solid rectangle. */
674
675- max_rows = tight_conf[vs->tight.compression].max_rect_size;
676- max_rows /= MIN(tight_conf[vs->tight.compression].max_rect_width, w);
677+ max_rows = tight_conf[vs->tight->compression].max_rect_size;
678+ max_rows /= MIN(tight_conf[vs->tight->compression].max_rect_width, w);
679
680 return find_large_solid_color_rect(vs, x, y, w, h, max_rows);
681 }
682@@ -1678,33 +1681,33 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
683 int vnc_tight_send_framebuffer_update(VncState *vs, int x, int y,
684 int w, int h)
685 {
686- vs->tight.type = VNC_ENCODING_TIGHT;
687+ vs->tight->type = VNC_ENCODING_TIGHT;
688 return tight_send_framebuffer_update(vs, x, y, w, h);
689 }
690
691 int vnc_tight_png_send_framebuffer_update(VncState *vs, int x, int y,
692 int w, int h)
693 {
694- vs->tight.type = VNC_ENCODING_TIGHT_PNG;
695+ vs->tight->type = VNC_ENCODING_TIGHT_PNG;
696 return tight_send_framebuffer_update(vs, x, y, w, h);
697 }
698
699 void vnc_tight_clear(VncState *vs)
700 {
701 int i;
702- for (i=0; i<ARRAY_SIZE(vs->tight.stream); i++) {
703- if (vs->tight.stream[i].opaque) {
704- deflateEnd(&vs->tight.stream[i]);
705+ for (i = 0; i < ARRAY_SIZE(vs->tight->stream); i++) {
706+ if (vs->tight->stream[i].opaque) {
707+ deflateEnd(&vs->tight->stream[i]);
708 }
709 }
710
711- buffer_free(&vs->tight.tight);
712- buffer_free(&vs->tight.zlib);
713- buffer_free(&vs->tight.gradient);
714+ buffer_free(&vs->tight->tight);
715+ buffer_free(&vs->tight->zlib);
716+ buffer_free(&vs->tight->gradient);
717 #ifdef CONFIG_VNC_JPEG
718- buffer_free(&vs->tight.jpeg);
719+ buffer_free(&vs->tight->jpeg);
720 #endif
721 #ifdef CONFIG_VNC_PNG
722- buffer_free(&vs->tight.png);
723+ buffer_free(&vs->tight->png);
724 #endif
725 }
726diff --git a/ui/vnc-enc-zlib.c b/ui/vnc-enc-zlib.c
727index 33e9df2..900ae5b 100644
728--- a/ui/vnc-enc-zlib.c
729+++ b/ui/vnc-enc-zlib.c
730@@ -76,7 +76,8 @@ static int vnc_zlib_stop(VncState *vs)
731 zstream->zalloc = vnc_zlib_zalloc;
732 zstream->zfree = vnc_zlib_zfree;
733
734- err = deflateInit2(zstream, vs->tight.compression, Z_DEFLATED, MAX_WBITS,
735+ err = deflateInit2(zstream, vs->tight->compression, Z_DEFLATED,
736+ MAX_WBITS,
737 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
738
739 if (err != Z_OK) {
740@@ -84,16 +85,16 @@ static int vnc_zlib_stop(VncState *vs)
741 return -1;
742 }
743
744- vs->zlib.level = vs->tight.compression;
745+ vs->zlib.level = vs->tight->compression;
746 zstream->opaque = vs;
747 }
748
749- if (vs->tight.compression != vs->zlib.level) {
750- if (deflateParams(zstream, vs->tight.compression,
751+ if (vs->tight->compression != vs->zlib.level) {
752+ if (deflateParams(zstream, vs->tight->compression,
753 Z_DEFAULT_STRATEGY) != Z_OK) {
754 return -1;
755 }
756- vs->zlib.level = vs->tight.compression;
757+ vs->zlib.level = vs->tight->compression;
758 }
759
760 // reserve memory in output buffer
761diff --git a/ui/vnc-enc-zrle.c b/ui/vnc-enc-zrle.c
762index 7493a84..17fd28a 100644
763--- a/ui/vnc-enc-zrle.c
764+++ b/ui/vnc-enc-zrle.c
765@@ -37,18 +37,18 @@ static const int bits_per_packed_pixel[] = {
766
767 static void vnc_zrle_start(VncState *vs)
768 {
769- buffer_reset(&vs->zrle.zrle);
770+ buffer_reset(&vs->zrle->zrle);
771
772 /* make the output buffer be the zlib buffer, so we can compress it later */
773- vs->zrle.tmp = vs->output;
774- vs->output = vs->zrle.zrle;
775+ vs->zrle->tmp = vs->output;
776+ vs->output = vs->zrle->zrle;
777 }
778
779 static void vnc_zrle_stop(VncState *vs)
780 {
781 /* switch back to normal output/zlib buffers */
782- vs->zrle.zrle = vs->output;
783- vs->output = vs->zrle.tmp;
784+ vs->zrle->zrle = vs->output;
785+ vs->output = vs->zrle->tmp;
786 }
787
788 static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h,
789@@ -56,24 +56,24 @@ static void *zrle_convert_fb(VncState *vs, int x, int y, int w, int h,
790 {
791 Buffer tmp;
792
793- buffer_reset(&vs->zrle.fb);
794- buffer_reserve(&vs->zrle.fb, w * h * bpp + bpp);
795+ buffer_reset(&vs->zrle->fb);
796+ buffer_reserve(&vs->zrle->fb, w * h * bpp + bpp);
797
798 tmp = vs->output;
799- vs->output = vs->zrle.fb;
800+ vs->output = vs->zrle->fb;
801
802 vnc_raw_send_framebuffer_update(vs, x, y, w, h);
803
804- vs->zrle.fb = vs->output;
805+ vs->zrle->fb = vs->output;
806 vs->output = tmp;
807- return vs->zrle.fb.buffer;
808+ return vs->zrle->fb.buffer;
809 }
810
811 static int zrle_compress_data(VncState *vs, int level)
812 {
813- z_streamp zstream = &vs->zrle.stream;
814+ z_streamp zstream = &vs->zrle->stream;
815
816- buffer_reset(&vs->zrle.zlib);
817+ buffer_reset(&vs->zrle->zlib);
818
819 if (zstream->opaque != vs) {
820 int err;
821@@ -93,13 +93,13 @@ static int zrle_compress_data(VncState *vs, int level)
822 }
823
824 /* reserve memory in output buffer */
825- buffer_reserve(&vs->zrle.zlib, vs->zrle.zrle.offset + 64);
826+ buffer_reserve(&vs->zrle->zlib, vs->zrle->zrle.offset + 64);
827
828 /* set pointers */
829- zstream->next_in = vs->zrle.zrle.buffer;
830- zstream->avail_in = vs->zrle.zrle.offset;
831- zstream->next_out = vs->zrle.zlib.buffer + vs->zrle.zlib.offset;
832- zstream->avail_out = vs->zrle.zlib.capacity - vs->zrle.zlib.offset;
833+ zstream->next_in = vs->zrle->zrle.buffer;
834+ zstream->avail_in = vs->zrle->zrle.offset;
835+ zstream->next_out = vs->zrle->zlib.buffer + vs->zrle->zlib.offset;
836+ zstream->avail_out = vs->zrle->zlib.capacity - vs->zrle->zlib.offset;
837 zstream->data_type = Z_BINARY;
838
839 /* start encoding */
840@@ -108,8 +108,8 @@ static int zrle_compress_data(VncState *vs, int level)
841 return -1;
842 }
843
844- vs->zrle.zlib.offset = vs->zrle.zlib.capacity - zstream->avail_out;
845- return vs->zrle.zlib.offset;
846+ vs->zrle->zlib.offset = vs->zrle->zlib.capacity - zstream->avail_out;
847+ return vs->zrle->zlib.offset;
848 }
849
850 /* Try to work out whether to use RLE and/or a palette. We do this by
851@@ -259,14 +259,14 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y,
852 size_t bytes;
853 int zywrle_level;
854
855- if (vs->zrle.type == VNC_ENCODING_ZYWRLE) {
856- if (!vs->vd->lossy || vs->tight.quality == (uint8_t)-1
857- || vs->tight.quality == 9) {
858+ if (vs->zrle->type == VNC_ENCODING_ZYWRLE) {
859+ if (!vs->vd->lossy || vs->tight->quality == (uint8_t)-1
860+ || vs->tight->quality == 9) {
861 zywrle_level = 0;
862- vs->zrle.type = VNC_ENCODING_ZRLE;
863- } else if (vs->tight.quality < 3) {
864+ vs->zrle->type = VNC_ENCODING_ZRLE;
865+ } else if (vs->tight->quality < 3) {
866 zywrle_level = 3;
867- } else if (vs->tight.quality < 6) {
868+ } else if (vs->tight->quality < 6) {
869 zywrle_level = 2;
870 } else {
871 zywrle_level = 1;
872@@ -337,30 +337,30 @@ static int zrle_send_framebuffer_update(VncState *vs, int x, int y,
873
874 vnc_zrle_stop(vs);
875 bytes = zrle_compress_data(vs, Z_DEFAULT_COMPRESSION);
876- vnc_framebuffer_update(vs, x, y, w, h, vs->zrle.type);
877+ vnc_framebuffer_update(vs, x, y, w, h, vs->zrle->type);
878 vnc_write_u32(vs, bytes);
879- vnc_write(vs, vs->zrle.zlib.buffer, vs->zrle.zlib.offset);
880+ vnc_write(vs, vs->zrle->zlib.buffer, vs->zrle->zlib.offset);
881 return 1;
882 }
883
884 int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
885 {
886- vs->zrle.type = VNC_ENCODING_ZRLE;
887+ vs->zrle->type = VNC_ENCODING_ZRLE;
888 return zrle_send_framebuffer_update(vs, x, y, w, h);
889 }
890
891 int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
892 {
893- vs->zrle.type = VNC_ENCODING_ZYWRLE;
894+ vs->zrle->type = VNC_ENCODING_ZYWRLE;
895 return zrle_send_framebuffer_update(vs, x, y, w, h);
896 }
897
898 void vnc_zrle_clear(VncState *vs)
899 {
900- if (vs->zrle.stream.opaque) {
901- deflateEnd(&vs->zrle.stream);
902+ if (vs->zrle->stream.opaque) {
903+ deflateEnd(&vs->zrle->stream);
904 }
905- buffer_free(&vs->zrle.zrle);
906- buffer_free(&vs->zrle.fb);
907- buffer_free(&vs->zrle.zlib);
908+ buffer_free(&vs->zrle->zrle);
909+ buffer_free(&vs->zrle->fb);
910+ buffer_free(&vs->zrle->zlib);
911 }
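Review bot: In the last `zrle_send_framebuffer_update` hunk the result of `zrle_compress_data()` is stored in `size_t bytes` and passed to `vnc_write_u32(vs, bytes)` unchecked, although `zrle_compress_data()` returns -1 on the failure paths shown in the earlier hunks. On such a failure the length field would presumably carry 0xFFFFFFFF while `vnc_write` sends only the bytes counted by `vs->zrle->zlib.offset`, so the client loses framing. I would keep the result in an `int` and stop before the rectangle header is written: `int n = zrle_compress_data(vs, Z_DEFAULT_COMPRESSION);` followed by `if (n < 0) { return -1; }`. How callers treat a negative return from this function is not visible here and needs confirming, and the function body starts outside these hunks.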
912diff --git a/ui/vnc-enc-zrle.inc.c b/ui/vnc-enc-zrle.inc.c
913index abf6b86..c107d8a 100644
914--- a/ui/vnc-enc-zrle.inc.c
915+++ b/ui/vnc-enc-zrle.inc.c
916@@ -96,7 +96,7 @@ static void ZRLE_ENCODE(VncState *vs, int x, int y, int w, int h,
917 static void ZRLE_ENCODE_TILE(VncState *vs, ZRLE_PIXEL *data, int w, int h,
918 int zywrle_level)
919 {
920- VncPalette *palette = &vs->zrle.palette;
921+ VncPalette *palette = &vs->zrle->palette;
922
923 int runs = 0;
924 int single_pixels = 0;
925diff --git a/ui/vnc.c b/ui/vnc.c
926index bc43c4c..87b8045 100644
927--- a/ui/vnc.c
928+++ b/ui/vnc.c
929@@ -1307,6 +1307,8 @@ void vnc_disconnect_finish(VncState *vs)
930 object_unref(OBJECT(vs->sioc));
931 vs->sioc = NULL;
932 vs->magic = 0;
933+ g_free(vs->zrle);
934+ g_free(vs->tight);
935 g_free(vs);
936 }
937
938@@ -2058,8 +2060,8 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
939
940 vs->features = 0;
941 vs->vnc_encoding = 0;
942- vs->tight.compression = 9;
943- vs->tight.quality = -1; /* Lossless by default */
944+ vs->tight->compression = 9;
945+ vs->tight->quality = -1; /* Lossless by default */
946 vs->absolute = -1;
947
948 /*
949@@ -2127,11 +2129,11 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
950 vs->features |= VNC_FEATURE_LED_STATE_MASK;
951 break;
952 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
953- vs->tight.compression = (enc & 0x0F);
954+ vs->tight->compression = (enc & 0x0F);
955 break;
956 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
957 if (vs->vd->lossy) {
958- vs->tight.quality = (enc & 0x0F);
959+ vs->tight->quality = (enc & 0x0F);
960 }
961 break;
962 default:
963@@ -3034,6 +3036,8 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
964 int i;
965
966 trace_vnc_client_connect(vs, sioc);
967+ vs->zrle = g_new0(VncZrle, 1);
968+ vs->tight = g_new0(VncTight, 1);
969 vs->magic = VNC_MAGIC;
970 vs->sioc = sioc;
971 object_ref(OBJECT(vs->sioc));
972@@ -3045,19 +3049,19 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
973 buffer_init(&vs->output, "vnc-output/%p", sioc);
974 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
975
976- buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
977- buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
978- buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
979+ buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
980+ buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
981+ buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
982 #ifdef CONFIG_VNC_JPEG
983- buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
984+ buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
985 #endif
986 #ifdef CONFIG_VNC_PNG
987- buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
988+ buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
989 #endif
990 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
991- buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
992- buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
993- buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
994+ buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
995+ buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
996+ buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
997
998 if (skipauth) {
999 vs->auth = VNC_AUTH_NONE;
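Review bot: The two `g_free()` calls added to `vnc_disconnect_finish` release only the `VncZrle` and `VncTight` containers, not the zlib streams and `Buffer`s inside them. The fix therefore depends on those having been torn down earlier in the function, and on no encoding job still holding the pointers. Neither is visible in this hunk, which starts mid-function. A comment above the calls would record that ordering, e.g. `/* containers only: vnc_zrle_clear()/vnc_tight_clear() must have run and no encoding job may still use vs->zrle or vs->tight */`.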
1000diff --git a/ui/vnc.h b/ui/vnc.h
1001index 8643860..fea79c2 100644
1002--- a/ui/vnc.h
1003+++ b/ui/vnc.h
1004@@ -338,10 +338,10 @@ struct VncState
1005 /* Encoding specific, if you add something here, don't forget to
1006 * update vnc_async_encoding_start()
1007 */
1008- VncTight tight;
1009+ VncTight *tight;
1010 VncZlib zlib;
1011 VncHextile hextile;
1012- VncZrle zrle;
1013+ VncZrle *zrle;
1014 VncZywrle zywrle;
1015
1016 Notifier mouse_mode_notifier;
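Review bot: The comment kept above these members still only points at `vnc_async_encoding_start()`, but with `tight` and `zrle` turned into pointers a by-value copy of `VncState` now aliases the same `VncTight`/`VncZrle` instead of duplicating it. That sharing appears to be the point of the fix, so it should be stated where the fields are declared, e.g. `/* tight and zrle are allocated in vnc_connect() and freed in vnc_disconnect_finish(); copies of VncState share them */`. `zlib`, `hextile` and `zywrle` stay embedded, so the two kinds of member now behave differently on copy. The struct definition starts and ends outside the hunk.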
1017--
10181.8.3.1