[Spice-commits] 2 commits - common/agent.c tests/meson.build
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Wed Apr 14 06:47:16 UTC 2021
common/agent.c | 12 ++++++------
tests/meson.build | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
New commits:
commit c39f4fd002f6b0b806077d57ef9bf1a5069b1683
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Tue Apr 13 21:54:28 2021 +0400
Fix build as meson subproject
Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
diff --git a/tests/meson.build b/tests/meson.build
index debce75..053aa73 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -47,7 +47,7 @@ if spice_common_generate_client_code or spice_common_generate_server_code
'--generate-demarshallers',
'--client',
'--include', 'test-marshallers.h',
- '--generated-declaration-file', 'generated_test_messages.h',
+ '--generated-declaration-file', meson.current_build_dir() /'generated_test_messages.h',
'@INPUT@', '@OUTPUT@'
]],
['test_enums_h', test_proto, 'generated_test_enums.h', [
commit 91362d045a42b56cb8bc2b91034b91165482723f
Author: Marc-André Lureau <marcandre.lureau at redhat.com>
Date: Tue Apr 13 21:27:00 2021 +0400
Fix invalid vdagent buffer access
The caller use the "size" argument in different ways. Either the size of
the data to convert, or the end boundary to be deduced by offset.
Fix it so the the "size" argument means the amount in bytes of data to
convert, that seems simpler and saner. (yay C)
Fixes: spice#53
Signed-off-by: Marc-André Lureau <marcandre.lureau at redhat.com>
diff --git a/common/agent.c b/common/agent.c
index e29fdcd..3894c7f 100644
--- a/common/agent.c
+++ b/common/agent.c
@@ -132,8 +132,8 @@ static void uint16_from_le(uint8_t *_msg, uint32_t size, uint32_t offset)
uint32_t i;
uint16_unaligned_t *msg = (uint16_unaligned_t *)(_msg + offset);
- /* offset - size % 2 should be 0 - extra bytes are ignored */
- for (i = 0; i < (size - offset) / 2; i++) {
+ /* size % 2 should be 0 - extra bytes are ignored */
+ for (i = 0; i < size / 2; i++) {
FIX_ENDIAN16(msg[i].v);
}
}
@@ -143,8 +143,8 @@ static void uint32_from_le(uint8_t *_msg, uint32_t size, uint32_t offset)
uint32_t i;
uint32_unaligned_t *msg = (uint32_unaligned_t *)(_msg + offset);
- /* offset - size % 4 should be 0 - extra bytes are ignored */
- for (i = 0; i < (size - offset) / 4; i++) {
+ /* size % 4 should be 0 - extra bytes are ignored */
+ for (i = 0; i < size / 4; i++) {
FIX_ENDIAN32(msg[i].v);
}
}
@@ -168,7 +168,7 @@ agent_message_clipboard_from_le(const VDAgentMessage *message_header, uint8_t *d
FIX_ENDIAN32(data_type->v);
break;
case VD_AGENT_CLIPBOARD_GRAB:
- uint32_from_le(data, message_header->size, min_size);
+ uint32_from_le(data, message_header->size - min_size, min_size);
break;
case VD_AGENT_CLIPBOARD_RELEASE:
// empty
@@ -318,7 +318,7 @@ agent_check_message(const VDAgentMessage *message_header, uint8_t *message,
if (vdata->nchannels > max_channels) {
return AGENT_CHECK_TRUNCATED;
}
- uint16_from_le(message, message_header->size, sizeof(*vdata));
+ uint16_from_le(message, message_header->size - sizeof(*vdata), sizeof(*vdata));
break;
}
default:
More information about the Spice-commits
mailing list