[Spice-devel] [spice-server PATCH 4/4] dcc_compress_image: fix a possible overflow when calculating image_size
Frediano Ziglio
fziglio at redhat.com
Wed Sep 14 12:41:45 UTC 2016
> Both src->stride and src->y are uint32_t
> Fixed by making one of them uint64_t
>
> Found by coverity
>
Does not hurt however the image size cannot be > 32 bit so changing image_size
to uint32_t would fix the issue too.
But on a 64 bit system does not make such of a difference.
> Signed-off-by: Uri Lublin <uril at redhat.com>
> ---
> server/dcc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/server/dcc.c b/server/dcc.c
> index 2587d72..a56b658 100644
> --- a/server/dcc.c
> +++ b/server/dcc.c
> @@ -767,7 +767,7 @@ lz_compress:
> }
>
> if (!success) {
> - uint64_t image_size = src->stride * src->y;
> + uint64_t image_size = src->stride * (uint64_t)src->y;
> stat_compress_add(&display_channel->encoder_shared_data.off_stat,
> start_time, image_size, image_size);
> }
>
Frediano
More information about the Spice-devel
mailing list