david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vnc: Limit r/w access to size of allocated memory

Browse Source 
This fixes memory reads and writes which exceeded the upper limit
of allocated memory vd->guest.ds->data and vd->server->data.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
Stefan Weil 2012-03-14 07:58:48 +01:00 committed by Anthony Liguori
parent 175b2a6e4b
commit 9e4dd565b4
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ui/vnc.c
View File

@ -2562,6 +2562,9 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
* Update server dirty map. * Update server dirty map.
*/ */
cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds); cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
if (cmp_bytes > vd->ds->surface->linesize) {
cmp_bytes = vd->ds->surface->linesize;
}
guest_row = vd->guest.ds->data; guest_row = vd->guest.ds->data;
server_row = vd->server->data; server_row = vd->server->data;
for (y = 0; y < vd->guest.ds->height; y++) { for (y = 0; y < vd->guest.ds->height; y++) {