[Spice-commits] common/quic.c
Frediano Ziglio
fziglio at kemper.freedesktop.org
Wed Aug 23 21:47:29 UTC 2017
common/quic.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 70d4739ce2f90f904fa96e22e438e9b424a3dd42
Author: Frediano Ziglio <fziglio at redhat.com>
Date: Wed Aug 9 16:23:53 2017 +0100
quic: avoid crash on specific images
encodes_ones is called to encode a long sequence of 1 bits.
In some conditions (I manage to reproduce with a 85000x4 pixel
image fill with a single color) encodes_ones is called with a
"n" value >= 32.
This cause encode to be called with a "len" value of 32 which
trigger this assert:
spice_assert(len > 0 && len < 32);
causing a crash. Instead of calling encode with a constant
"len" as 32 call encode_32 which is supposed to encode
exactly 32 bit.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
Acked-by: Jonathon Jongsma <jjongsma at redhat.com>
diff --git a/common/quic.c b/common/quic.c
index 1be28c6..e097064 100644
--- a/common/quic.c
+++ b/common/quic.c
@@ -507,7 +507,7 @@ static inline void encode_ones(Encoder *encoder, unsigned int n)
unsigned int count;
for (count = n >> 5; count; count--) {
- encode(encoder, ~0U, 32);
+ encode_32(encoder, ~0U);
}
if ((n &= 0x1f)) {
More information about the Spice-commits
mailing list