[Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output
From: Roland Dreier
Subject: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output
Date: Thu, 3 Mar 2011 16:57:45 -0800
From: Roland Dreier <address@hidden>
If one leaves a VNC session with tight compression running for long
enough, Qemu crashes. This is because of the computation

    bytes = zstream->total_out - previous_out;

in tight_compress_data, where zstream->total_out is a uLong but
previous_out is an int. As soon as zstream->total_out gets past
INT_MAX (i.e. 2GB), previous_out becomes negative and therefore the
result of the subtraction, bytes, becomes a huge positive number that
causes havoc for obvious reasons when passed as a length to
vnc_write().

The fix for this is simple: keep previous_out as a uLong too, which
avoids any problems with sign conversion or truncation.
Signed-off-by: Roland Dreier <address@hidden>
---
ui/vnc-enc-tight.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index af45edd..59ec0e3 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -829,7 +829,7 @@ static int tight_compress_data(VncState *vs, int stream_id,
size_t bytes,
int level, int strategy)
{
z_streamp zstream = &vs->tight.stream[stream_id];
- int previous_out;
+ uLong previous_out;
if (bytes < VNC_TIGHT_MIN_TO_COMPRESS) {
vnc_write(vs, vs->tight.tight.buffer, vs->tight.tight.offset);
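Review bot: only the declaration of previous_out changes in this hunk; the assignment from zstream->total_out and the line `bytes = zstream->total_out - previous_out;` that the commit message blames are outside the shown context, so confirm in the rest of tight_compress_data that no other int local or return value carries total_out and that `bytes` (declared size_t in the signature at the top of the hunk) is not narrowed again further down. Since that difference goes straight to vnc_write() as a length, a cheap guard such as `assert(zstream->total_out >= previous_out);` or a comparison against the tight output buffer's capacity before the write would make any future type mismatch fail loudly instead of sending a multi-gigabyte length.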
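The type mismatch described in the commit message, as an added example that is not QEMU's code: a stand-in for zlib's z_stream with an unsigned long total_out, the pre-patch computation with an int previous_out beside the post-patch uLong version, and a checked variant (my own addition, not part of the patch) that bounds the result before it would reach something like vnc_write(). The names fake_zstream, fake_deflate, bytes_out_buggy, bytes_out_fixed and bytes_out_checked are mine. The example assumes an LP64 ABI (unsigned long is 64 bits, as on x86-64 Linux), which is where the commit message's "huge positive number" arises; on an ILP32 build where uLong is 32 bits, the int-to-unsigned conversion wraps modulo 2^32 and the subtraction happens to yield the right count, which matters if you try to reproduce the crash on such a host.

```c
/* Added example, not QEMU code: reproduces the uLong/int mismatch fixed by
 * the patch above using a stand-in for zlib's z_stream.  Assumes LP64
 * (unsigned long is 64 bits); see the lead-in for the ILP32 caveat. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef unsigned long uLong;          /* zlib's uLong is unsigned long */

/* Minimal stand-in for the zlib stream; only total_out matters here. */
struct fake_zstream {
    uLong total_out;
};

/* Simulates one deflate() call that appends `produced` bytes of output. */
static void fake_deflate(struct fake_zstream *zs, uLong produced)
{
    zs->total_out += produced;
}

/* BEFORE the patch: previous_out is an int, as on the '-' line of the hunk.
 * The assignment truncates, and the negative int is then converted back to
 * uLong for the subtraction, yielding a count far larger than `produced`. */
static size_t bytes_out_buggy(struct fake_zstream *zs, uLong produced)
{
    int previous_out = zs->total_out;     /* truncating conversion */
    fake_deflate(zs, produced);
    return zs->total_out - previous_out;  /* int promoted to uLong */
}

/* AFTER the patch: previous_out is a uLong, as on the '+' line of the hunk. */
static size_t bytes_out_fixed(struct fake_zstream *zs, uLong produced)
{
    uLong previous_out = zs->total_out;
    fake_deflate(zs, produced);
    return zs->total_out - previous_out;
}

/* Defensive variant (my assumption, not in the patch): refuse a length that
 * cannot be right before it reaches a writer such as vnc_write().  `cap` is
 * the caller's known output buffer size.  Returns false on a bad length. */
static bool bytes_out_checked(struct fake_zstream *zs, uLong produced,
                              size_t cap, size_t *bytes)
{
    uLong previous_out = zs->total_out;
    fake_deflate(zs, produced);
    if (zs->total_out < previous_out || zs->total_out - previous_out > cap) {
        *bytes = 0;
        return false;
    }
    *bytes = zs->total_out - previous_out;
    return true;
}

int main(void)
{
    /* Constructed scenario: the stream has already emitted 2 GiB, so
     * total_out == INT_MAX + 1, and the next deflate() yields 100 bytes. */
    struct fake_zstream zs = { .total_out = (uLong)INT_MAX + 1 };
    size_t buggy = bytes_out_buggy(&zs, 100);

    zs.total_out = (uLong)INT_MAX + 1;
    size_t fixed = bytes_out_fixed(&zs, 100);

    size_t checked = 0;
    zs.total_out = (uLong)INT_MAX + 1;
    bool ok = bytes_out_checked(&zs, 100, 65536, &checked);

    printf("sizeof(uLong)=%zu buggy=%zu fixed=%zu checked=%zu ok=%d\n",
           sizeof(uLong), buggy, fixed, checked, ok);
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c && ./a.out`; on x86-64 Linux the buggy path reports 4294967396 bytes (2^32 + 100) for a 100-byte deflate step, the fixed path reports 100, and the checked variant accepts 100 but rejects any step larger than the 64 KiB cap. The checked form is the one to reach for when the subtraction feeds a length argument: it costs one comparison and converts a silent type slip into a visible failure.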
Thread:
- [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Roland Dreier (this message)
- Re: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Michael Tokarev, 2011/03/04
- Re: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Corentin Chary, 2011/03/04
- Re: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Michael Tokarev, 2011/03/04
- Re: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Corentin Chary, 2011/03/04
- [Qemu-devel] [PATCH][STABLE-0.14] vnc: tight: Fix crash after 2GB of output, Michael Tokarev, 2011/03/05
- [Qemu-devel] Re: [PATCH][STABLE-0.14] vnc: tight: Fix crash after 2GB of output, Corentin Chary, 2011/03/05
- Re: [Qemu-devel] Re: [PATCH][STABLE-0.14] vnc: tight: Fix crash after 2GB of output, Michael Tokarev, 2011/03/05
- Re: [Qemu-devel] Re: [PATCH][STABLE-0.14] vnc: tight: Fix crash after 2GB of output, Corentin Chary, 2011/03/05
- Re: [Qemu-devel] [PATCH] vnc: tight: Fix crash after 2GB of output, Roland Dreier, 2011/03/04