Check for MELCSTATES - 1 to get inside the branch, otherwise
(...)->rgb_state.melcstate may be up to MELCSTATES after the
pre-incrementing, which would result in an access to a position
that is out bounds of the array size MELCSTATES.
These 2 files are not build as part of spice-common
build system, but modules using spice-common will build
them with the appropriate options. We need to let automake
know that these are source files so that it can properly
track these files dependencies.
Without this change, when eg spice-gtk switches to use 'subdir-objects'
to build sw_canvas.c as recommended by automake 1.14, the build
will fail because $(top_srcdir)/spice-common/common/.deps/sw_canvas.Plo
will not have been generated.
Now that they are created in $builddir, their includes will need to refer
to files in $srcdir, which can be different. It's cleaner to add
-I $(top_srcdir)/spice-common/ to modules using spice-common rather than
having -I $(top_srcdir)/spice-common/common which would could create header
collisions.
The rules to generate the .c/.h (de)marshalling files have targets based in
$builddir, but the CLIENT_MARSHALLERS/SERVER_MARSHALLERS list refer to
files in $srcdir.
When using a $srcdir != $builddir, these $srcdir files will not exist, and
it will not be possible to generate them, which causes the build to fail.
When using $srcdir == $builddir from git or from tarballs, this will not
make a difference. When building from git, if $srcdir and $builddir are the
same, then the files will be found regardless of if we look for them in
$srcdir or $builddir as they are the same.
In tarballs, the files will be shipped with the tarball and thus available
in $srcdir. As $builddir is the same as $srcdir, the files will already
exist and not be regenerated.
The only change of behaviour will be when using a tarball and doing a
$srcdir != $builddir build. In this case, the files will need to be
regenerated, so the tools needed for that must be installed on the
machine doing the build.
find_model_params() is first doing *nbuckets = 0; and it then checks
nbuckets for NULL. This is redundant as the dereferencing would cause a
segfault if nbuckets was NULL, so the if (nbuckets) test can't be false.
As Uri pointed out, the "/* bucket start */" comment on the same line
probably implies that the test was meant to be 'if (*nbuckets)'
I've ran a few test and I did not observe issues because of it...
If verify_subject() is called with a SpiceOpenSSLVerify struct containing a
non-NULL 'in_subject' member, it would try to use the local 'in_entries'
variable without having initialized it first. This could happen if
verify_subject() was called multiple time with the same SpiceOpenSSLVerify
context, which probably isn't occurring the way we are using it.
However, since verify_subject() is the only method which needs in_subject,
we don't need to have it stored in SpiceOpenSSLVerify, and we can
recreate it as needed locally in that method, which avoids that issue.
Unhandled values call an error callback, and then fall through the default:
case, which will call again the error callback. This commit adds some
break; after these cases to avoid this.
We are mostly likely not running as root, so this call will fail. As we are
supposed to check its return value as it's declared with
warn_unused_result, the current way of using it is wrong, so this commit just
removes the call.
Currently, SSL verification of the peer certificate checks if
the certificate's subject CN or one of its subjectAltName match
the hostname. If this succeeds, then the verification succeeds.
Otherwise openssl_verify() checks the cert subject if this was set,
which means it checks the certificate's subject (not just its CN) matches
exactly the cert subject string that is set in SpiceSession.
Given that the cert subject is something the user specifies in addition
to the hostname, the cert subject check should have priority over the
hostname check, that is, when we have a cert subject set, the
success/failure of the cert subject cert should determine the
success/failure of openssl_verify(), and the hostname check
should only be carried out when no cert subject was set.
This fixes rhbz#871034
We currently log an error when openssl_verify() is called with
preverify_ok set to 0 for all certificates in the certificate chain
except for the peer certificate (when 'depth' is 0).
This commit logs an error in the latter case as well.
I don't see why the fallback method should be the default.
glCopyTexImage2D and glCopyPixels are equally broken with current Intel
mesa/drivers (I'll be filing a bug). But sw rendering is correct.
We can avoid repetitive computation by using two precomputed array, of
8k each.
before:
1.79% lt-spicy-stats libspice-client-glib-2.0.so.8.4.0 [.]
golomb_code_len_8bpc
after:
0.79% lt-spicy-stats libspice-client-glib-2.0.so.8.4.0 [.]
golomb_code_len_8bpc
Thos function shows up in some profiling results, it seems we can
trivially replace it with a precomputed array of 256bytes.
before:
5.66% 691 lt-spicy-stats
libspice-client-glib-2.0.so.8.4.0 [.] revers_bits
after:
0.53% 64 lt-spicy-stats
libspice-client-glib-2.0.so.8.4.0 [.] revers_bits
We currently use it only on gcc 4.5 or newer, but it was actually
introduced much earlier than that. It's documented in gcc 2.95.3
manual:
http://gcc.gnu.org/onlinedocs/gcc-2.95.3/gcc_4.html#SEC84
and glib uses starting from gcc 2.2.5.
This commit uses the same minimum version as glib.
This was causing warnings on RHEL6 systems which have gcc 4.4.7
SPICE_MSG_PLAYBACK_LATENCY is intended for adjusting the
latency of the audio playback. It is used for synchronizing
the audio and video playback.
The corresponding capability is SPICE_PLAYBACK_CAP_LATENCY.
If the server & client support SPICE_DISPLAY_CAP_STREAM_REPORT,
the server first sends SPICE_MSG_DISPLAY_STREAM_ACTIVATE_REPORT. Then,
the client periodically sends SPICE_MSGC_DISPLAY_STREAM_REPORT
messages that supply the server details about the current quality of
the video streaming on the client side. The server analyses the
report and adjust the stream parameters accordingly.
In addition to Laszlo's commit fixing rhbz#928973, we can add
some compile-time assertion to lz_common.h to help catch similar
bugs in the future.
This uses gnulib's verify.h to make sure at compile-time that
the various constant arrays used in lz_common.h are of the expected
size.
I've checked that before Laszlo's patch, the assert triggers, and
that it's gone after it.
The IS_IMAGE_TYPE_PLT and IS_IMAGE_TYPE_RGB arrays are supposed to decide
whether each image type is PLT or RGB. Dependent on the result, one of the
PLT_PIXELS_PER_BYTE and RGB_BYTES_PER_PIXEL arrays can be indexed.
Commit c0b048eb introduced the LZ_IMAGE_TYPE_A8 enum constant and grew the
RGB_BYTES_PER_PIXEL array by one element, but it missed to append a zero
to IS_IMAGE_TYPE_PLT, and a one to IS_IMAGE_TYPE_RGB. Do so now.
Related RHBZ: 928973.
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Author: Serge Hallyn <serge.hallyn@ubuntu.com>
This is a trivial typecast fix, -- all surrounding
lines cast lines_end to PIXEL* but one is apparently
forgotten. This fixes a compiler warning about
incompatible types in assignment.
Fixes: fedora 875348, 826036
When an image is not rendered, we still need to check if it contains
a palette that needs to be cached.
This bug caused the client to crash due to not finding palettes
in the cache.
A Spice port channel carry arbitrary data between the Spice client and
the Spice server. It may be used to provide additional services on top
of a Spice connection. For example, a channel can be associated with
the qemu monitor for the client to interact with it, just like any
qemu chardev. Or it may be used with various protocols, such as the
Spice Controller.
A port kind is identified simply by its fqdn, such as org.qemu.monitor,
org.spice.spicy.test or org.ovirt.controller...
The channel is based on Spicevmc which simply tunnels data between
client and server. A few messages have been added:
SPICE_MSG_PORT_INIT: Describes the port state and fqdn name, should be
sent only once when the client connects.
SPICE_MSG_PORT_EVENT: Server port event. SPICE_PORT_EVENT_OPENED and
SPICE_PORT_EVENT_CLOSED are typical values when the chardev is opened
or closed.
SPICE_MSGC_PORT_EVENT: Client port event.
When the server certificate is not being signed by the provided CA,
the SSL debug message is currently for example:
ssl_verify.c:428:openssl_verify: openssl verify:num=19:self signed
certificate in certificate chain:depth=1:/C=IL/L=Raanana/O=Red
Hat/CN=my CA
Add a more explicit debug message too, as requested in bug:
https://bugzilla.redhat.com/show_bug.cgi?id=846666
The release tarballs ship with the generated files to avoid extra
build work and dependency. However, build was still tiggering a
regenration, because of Makefile change.
Avoid required rebuild when running ./configure (generating Makefile),
there is no variable that could be tweaked, afaict.
This file was hand generated until now, resulting in the wierd situation where
it is different for spice-gtk and spice-server even though they both use the
same spice-common and spice-protocol (or at least close) versions.
This patch generates the enums.h files from spice-common. While that file is
actually in the spice-protocol submodule, it cannot be generated from
spice-protocol since it lacks access to spice.proto and spice_codegen.py. So in
affect whenvever it will differ the spice-protocol module will become dirty and
hence hopefully commited with the new enums.h.
enums.h is generated from spice.proto is a superset of that generated from spice1.proto.
