spice: fix coverity reported defect in display code

Report:

1. Condition surface, taking false branch
406    if (surface && ssd->surface &&
407        surface_width(surface) == pixman_image_get_width(ssd->surface) &&
408        surface_height(surface) == pixman_image_get_height(ssd->surface)) {
409        /* no-resize fast path: just swap backing store */
...

10. alias_transfer: Assigning: ssd->ds = surface.
440    ssd->ds = surface;

11. var_deref_op: Dereferencing null pointer ssd->ds.
CID 1264334 (#1 of 1): Dereference after null check (FORWARD_NULL)
441    ssd->surface = pixman_image_ref(ssd->ds->image);

Fix:

Move code block dereferencing ssd->ds into the already existing
if (ssd->ds) { ... } block.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

diff --git a/ui/spice-display.c b/ui/spice-display.c
index 8c87212..1644185 100644 (file)
--- a/ui/spice-display.c
+++ b/ui/spice-display.c
@@ -438,9 +438,6 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
     qemu_mutex_lock(&ssd->lock);
     need_destroy = (ssd->ds != NULL);
     ssd->ds = surface;
-    ssd->surface = pixman_image_ref(ssd->ds->image);
-    ssd->mirror  = qemu_pixman_mirror_create(ssd->ds->format,
-                                             ssd->ds->image);
     while ((update = QTAILQ_FIRST(&ssd->updates)) != NULL) {
         QTAILQ_REMOVE(&ssd->updates, update, next);
         qemu_spice_destroy_update(ssd, update);
@@ -450,6 +447,9 @@ void qemu_spice_display_switch(SimpleSpiceDisplay *ssd,
         qemu_spice_destroy_host_primary(ssd);
     }
     if (ssd->ds) {
+        ssd->surface = pixman_image_ref(ssd->ds->image);
+        ssd->mirror  = qemu_pixman_mirror_create(ssd->ds->format,
+                                                 ssd->ds->image);
         qemu_spice_create_host_primary(ssd);
     }