[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 4/4] vnc: Limit r/w access to size of allocated
From: |
Aurelien Jarno |
Subject: |
Re: [Qemu-devel] [PATCH 4/4] vnc: Limit r/w access to size of allocated memory |
Date: |
Sun, 10 Apr 2011 00:17:39 +0200 |
User-agent: |
Mutt/1.5.20 (2009-06-14) |
On Mon, Mar 21, 2011 at 09:34:38AM +0100, Corentin Chary wrote:
> From: Stefan Weil <address@hidden>
>
> This fixes memory reads and writes which exceeded the upper limit
> of allocated memory vd->guest.ds->data and vd->server->data.
>
> Cc: Anthony Liguori <address@hidden>
> Signed-off-by: Stefan Weil <address@hidden>
> Signed-off-by: Corentin Chary <address@hidden>
> ---
> ui/vnc.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 90b6384..3138053 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2414,6 +2414,9 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
> * Update server dirty map.
> */
> cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
> + if (cmp_bytes > vd->ds->surface->linesize) {
> + cmp_bytes = vd->ds->surface->linesize;
> + }
What about using ds_get_linesize(vd->ds) instead?
> guest_row = vd->guest.ds->data;
> server_row = vd->server->data;
> for (y = 0; y < vd->guest.ds->height; y++) {
> --
> 1.7.3.4
>
>
>
--
Aurelien Jarno GPG: 1024D/F1BCDB73
address@hidden http://www.aurel32.net
- Re: [Qemu-devel] [PATCH 4/4] vnc: Limit r/w access to size of allocated memory,
Aurelien Jarno <=