[Spice-devel] [PATCH 4/4] do not segfault if link message header size is set to 0

Wed Oct 19 02:29:30 PDT 2011

https://bugs.freedesktop.org/show_bug.cgi?id=41988
---
 gtk/spice-channel.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c
index 5bc244f..23c16e7 100644
--- a/gtk/spice-channel.c
+++ b/gtk/spice-channel.c
@@ -976,6 +976,11 @@ static void spice_channel_recv_link_hdr(SpiceChannel *channel)
     }
 
     c->peer_msg = spice_malloc(c->peer_hdr.size);
+    if (c->peer_msg == NULL) {
+        g_critical("invalid peer header size: %u", c->peer_hdr.size);
+        goto error;
+    }
+
     c->state = SPICE_CHANNEL_STATE_LINK_MSG;
     return;
 
-- 
1.7.6.2

