[Qemu-devel] [PULL v2 09/11] vnc: fix overflow in vnc_update_stats
From: Gerd Hoffmann
Subject: [Qemu-devel] [PULL v2 09/11] vnc: fix overflow in vnc_update_stats
Date: Tue, 31 Jan 2017 16:50:29 +0100
Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
incomplete. vnc_update_stats must calculate width and height the same
way vnc_refresh_server_surface does it, to make sure we don't use width
and height values larger than the qemu vnc server can handle.
Commit "e22492d ui/vnc: disable adaptive update calculations if not
needed" masks the issue in the default configuration. It triggers only
in case the "lossy" option is set to "on" (default is "off").
Cc: Marc-André Lureau <address@hidden>
Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Marc-André Lureau <address@hidden>
Message-id: address@hidden
---
ui/vnc.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/ui/vnc.c b/ui/vnc.c
index 6854fdb..cdeb79c 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -2724,8 +2724,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int x,
int y)
static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
{
- int width = pixman_image_get_width(vd->guest.fb);
- int height = pixman_image_get_height(vd->guest.fb);
+ int width = MIN(pixman_image_get_width(vd->guest.fb),
+ pixman_image_get_width(vd->server));
+ int height = MIN(pixman_image_get_height(vd->guest.fb),
+ pixman_image_get_height(vd->server));
int x, y;
struct timeval res;
int has_dirty = 0;
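Review bot: the MIN() clamp on width and height at the top of vnc_update_stats has no comment explaining why the guest framebuffer dimensions must be bounded by those of vd->server, and per the commit message it repeats the calculation vnc_refresh_server_surface already does. Since the earlier fix (bea60dd) missed this call site, consider moving the clamp into one small helper that both functions call, so the next function that walks the guest framebuffer cannot skip it. A one-line comment at the declarations, stating that width and height must not exceed what the server surface can hold, would also help. Because the path is only reached with "lossy" set to "on", it is worth exercising with that option enabled before merge.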
--
1.8.3.1