vnc: Limit r/w access to size of allocated memory
authorStefan Weil <weil@mail.berlios.de>
Wed, 14 Mar 2012 06:58:48 +0000 (07:58 +0100)
committerAnthony Liguori <aliguori@us.ibm.com>
Wed, 14 Mar 2012 21:22:46 +0000 (16:22 -0500)
This fixes memory reads and writes which exceeded the upper limit
of allocated memory vd->guest.ds->data and vd->server->data.

Cc: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
ui/vnc.c

index aef6d3af2607a1260ed1fbd16849a84c6dfdc8ec..deb9ecd68188510eb117f14328730007054da9d4 100644 (file)
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2562,6 +2562,9 @@ static int vnc_refresh_server_surface(VncDisplay *vd)
      * Update server dirty map.
      */
     cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
+    if (cmp_bytes > vd->ds->surface->linesize) {
+        cmp_bytes = vd->ds->surface->linesize;
+    }
     guest_row  = vd->guest.ds->data;
     server_row = vd->server->data;
     for (y = 0; y < vd->guest.ds->height; y++) {
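Review bot: The new clamp on `cmp_bytes` takes its bound from `vd->ds->surface->linesize`, while the buffers walked afterwards are `vd->guest.ds->data` and `vd->server->data`; if either of those surfaces can have a smaller row stride than the display surface (for example around a resize), this bound does not protect them. Clamping against the buffers actually compared, e.g. `cmp_bytes = MIN(cmp_bytes, MIN(vd->guest.ds->linesize, vd->server->linesize));`, would tie the limit to the allocations named in the commit message. The clamp also only covers a surface narrower than one 16-pixel block. The inner per-block loop lies outside this hunk, so it is worth confirming that the last block of a row whose width is not a multiple of 16 is bounded too, since on the final row it could otherwise run past the end of the allocation. A short comment above the clamp, such as `/* never compare past the end of a row */`, would record why it exists.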