[Spice-devel] [linux-vdagent PATCH 1/4] vdagentd: fix potentially copying more data then a chunk holds when reading the header
Hans de Goede
hdegoede at redhat.com
Wed Mar 23 12:31:05 PDT 2011
---
vdagent-virtio-port.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/vdagent-virtio-port.c b/vdagent-virtio-port.c
index 961b62c..a4411e5 100644
--- a/vdagent-virtio-port.c
+++ b/vdagent-virtio-port.c
@@ -204,6 +204,9 @@ static void vdagent_virtio_port_do_chunk(struct vdagent_virtio_port **portp)
if (port->message_header_read < sizeof(port->message_header)) {
read = sizeof(port->message_header) - port->message_header_read;
+ if (read > port->chunk_header.size) {
+ read = port->chunk_header.size;
+ }
memcpy((uint8_t *)&port->message_header + port->message_header_read,
port->chunk_data, read);
port->message_header_read += read;
--
1.7.3.2
More information about the Spice-devel
mailing list