Currently writing to buffers is protected by buffer_reserve.
Unfortunately, is reserves at most 1024 bytes more than we currently
have, so if we want to write a 2048 bytes chunk, we overwrite
random memory.
This patch addresses this in a pretty dumb but easy way.
Signed-off-by: Alexander Graf <address@hidden>
---
vnc.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/vnc.c b/vnc.c
index 4b17f85..d0d9580 100644
--- a/vnc.c
+++ b/vnc.c
@@ -592,7 +592,7 @@ static int vnc_listen_poll(void *opaque)
static void buffer_reserve(Buffer *buffer, size_t len)
{
- if ((buffer->capacity - buffer->offset) < len) {
+ while ((buffer->capacity - buffer->offset) < len) {
buffer->capacity += (len + 1024);