[Qemu-devel] [PATCH 01/54] gtk: avoid oob array access
From: Marc-André Lureau
Subject: [Qemu-devel] [PATCH 01/54] gtk: avoid oob array access
Date: Tue, 13 Dec 2016 01:42:32 +0300
When too many consoles are created, vcs[] may be written out-of-bounds.
Signed-off-by: Marc-André Lureau <address@hidden>
---
ui/gtk.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/ui/gtk.c b/ui/gtk.c
index e81642876a..67c52179ee 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1696,6 +1696,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc,
Error **errp)
ChardevCommon *common = qapi_ChardevVC_base(vc);
CharDriverState *chr;
+ if (nb_vcs == MAX_VCS) {
+ error_setg(errp, "Maximum number of consoles reached");
+ return NULL;
+ }
+
chr = qemu_chr_alloc(common, errp);
if (!chr) {
return NULL;
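Review bot: The new guard at the top of gd_vc_handler() tests `nb_vcs == MAX_VCS`; `nb_vcs >= MAX_VCS` would be the more defensive form, since it still rejects the request if the counter is ever past the limit rather than exactly at it. The store into vcs[] and the increment of nb_vcs are not visible in this hunk, so the commit message could name where they happen, letting a reader confirm that this handler is the only path that advances nb_vcs. Placing the check before qemu_chr_alloc() is good, as the early return then has nothing to free.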
--
2.11.0