[Qemu-devel] [PULL 09/10] vnc: fix overflow in vnc_update_stats

From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL 09/10] vnc: fix overflow in vnc_update_stats
Date: Tue, 31 Jan 2017 14:41:45 +0100

Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
incomplete.  vnc_update_stats must calculate width and height the same
way vnc_refresh_server_surface does it, to make sure we don't use width
and height values larger than the qemu vnc server can handle.

Commit "e22492d ui/vnc: disable adaptive update calculations if not
needed" masks the issue in the default configuration.  It triggers only
in case the "lossy" option is set to "on" (default is "off").

Cc: Marc-André Lureau <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
 ui/vnc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 6854fdb..cdeb79c 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2724,8 +2724,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, 
int y)
 static int vnc_update_stats(VncDisplay *vd,  struct timeval * tv)
-    int width = pixman_image_get_width(vd->guest.fb);
-    int height = pixman_image_get_height(vd->guest.fb);
+    int width = MIN(pixman_image_get_width(vd->guest.fb),
+                    pixman_image_get_width(vd->server));
+    int height = MIN(pixman_image_get_height(vd->guest.fb),
+                     pixman_image_get_height(vd->server));
     int x, y;
     struct timeval res;
     int has_dirty = 0;
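
Review bot: The MIN() clamp on the width and height declarations at the top of vnc_update_stats repeats the calculation that, per the commit message, vnc_refresh_server_surface already performs, and this fix is needed only because the two sites drifted apart. Consider moving the clamp into a small shared helper, or at least adding a comment on these declarations saying that both values must be bounded by vd->server as well as vd->guest.fb, so that a later change to one site cannot leave the other using unclamped guest.fb dimensions. Because the problem is reachable only with the "lossy" option set to "on", it would also help to say in the commit message how the fix was exercised with that option enabled.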
