[Spice-commits] server/websocket.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Tue Jun 16 14:18:43 UTC 2020
server/websocket.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
New commits:
commit b8f4d7d2c7a3d08a82f4bc7588cdff15cee54292
Author: Frediano Ziglio <freddy77 at gmail.com>
Date: Tue Jun 16 11:49:19 2020 +0100
websocket: Fix possible integer overflow
The shift of a uint_8 number by a number > 32 causes an overflow.
Signed-off-by: Frediano Ziglio <freddy77 at gmail.com>
Acked-by: Uri Lublin <ulublin at redhat.com>
diff --git a/server/websocket.c b/server/websocket.c
index f5df63f8..82b20b49 100644
--- a/server/websocket.c
+++ b/server/websocket.c
@@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
case LENGTH_64BIT:
*used += 8;
outlen = 0;
- for (i = 56; i >= 0; i -= 8) {
- outlen |= (*buf++) << i;
+ for (i = 0; i < 8; ++i) {
+ outlen <<= 8;
+ outlen |= *buf++;
}
break;
More information about the Spice-commits
mailing list