david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vnc: fix overflow in vnc_update_stats

Browse Source 
Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
incomplete.  vnc_update_stats must calculate width and height the same
way vnc_refresh_server_surface does it, to make sure we don't use width
and height values larger than the qemu vnc server can handle.

Commit "e22492d ui/vnc: disable adaptive update calculations if not
needed" masks the issue in the default configuration.  It triggers only
in case the "lossy" option is set to "on" (default is "off").

Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1485248428-575-1-git-send-email-kraxel@redhat.com
This commit is contained in:
Gerd Hoffmann 2017-01-24 10:00:28 +01:00
parent 51e0b65453
commit eebe0b7905
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ui/vnc.c
View File

@ -2724,8 +2724,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
{ {
int width = pixman_image_get_width(vd->guest.fb); int width = MIN(pixman_image_get_width(vd->guest.fb),
int height = pixman_image_get_height(vd->guest.fb); pixman_image_get_width(vd->server));
int height = MIN(pixman_image_get_height(vd->guest.fb),
pixman_image_get_height(vd->server));
int x, y; int x, y;
struct timeval res; struct timeval res;
int has_dirty = 0; int has_dirty = 0;