[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] vnc: fix overflow in vnc_update_stats
From: |
Marc-André Lureau |
Subject: |
Re: [Qemu-devel] [PATCH] vnc: fix overflow in vnc_update_stats |
Date: |
Tue, 24 Jan 2017 04:09:00 -0500 (EST) |
Hi
----- Original Message -----
> Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
> incomplete. vnc_update_stats must calculate width and height the same
> way vnc_refresh_server_surface does it, to make sure we don't use width
> and height values larger than the qemu vnc server can handle.
>
> Commit "e22492d ui/vnc: disable adaptive update calculations if not
> needed" masks the issue in the default configuration. It triggers only
> in case the "lossy" option is set to "on" (default is "off").
>
> Cc: Marc-André Lureau <address@hidden>
> Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
> ---
> ui/vnc.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 29aa9c4..e7c029d 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -2756,8 +2756,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int
> x, int y)
>
> static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
> {
> - int width = pixman_image_get_width(vd->guest.fb);
> - int height = pixman_image_get_height(vd->guest.fb);
> + int width = MIN(pixman_image_get_width(vd->guest.fb),
> + pixman_image_get_width(vd->server));
> + int height = MIN(pixman_image_get_height(vd->guest.fb),
> + pixman_image_get_height(vd->server));
> int x, y;
> struct timeval res;
> int has_dirty = 0;
> --
> 1.8.3.1
>
>