[Spice-devel] [spice-server PATCH 4/4] dcc_compress_image: fix a possible overflow when calculating image_size
Uri Lublin
uril at redhat.com
Wed Sep 14 12:31:02 UTC 2016
Both src->stride and src->y are uint32_t
Fixed by making one of them uint64_t
Found by coverity
Signed-off-by: Uri Lublin <uril at redhat.com>
---
server/dcc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/dcc.c b/server/dcc.c
index 2587d72..a56b658 100644
--- a/server/dcc.c
+++ b/server/dcc.c
@@ -767,7 +767,7 @@ lz_compress:
}
if (!success) {
- uint64_t image_size = src->stride * src->y;
+ uint64_t image_size = src->stride * (uint64_t)src->y;
stat_compress_add(&display_channel->encoder_shared_data.off_stat, start_time, image_size, image_size);
}
--
2.7.4
More information about the Spice-devel
mailing list