[Spice-devel] [PATCH spice-common] quic: avoid crash on specific images

Frediano Ziglio fziglio at redhat.com
Mon Aug 21 13:31:12 UTC 2017


ping

> 
> encode_ones is called to encode a long sequence of 1 bits.
> In some conditions (I managed to reproduce with an 85000x4 pixel
> image filled with a single color) encode_ones is called with an
> "n" value >= 32.
> This causes encode to be called with a "len" value of 32, which
> triggers this assert:
> 
>    spice_assert(len > 0 && len < 32);
> 
> causing a crash. Instead of calling encode with a constant
> "len" of 32, call encode_32, which is supposed to encode
> exactly 32 bits.
> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
>  common/quic.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/common/quic.c b/common/quic.c
> index 1be28c6..e097064 100644
> --- a/common/quic.c
> +++ b/common/quic.c
> @@ -507,7 +507,7 @@ static inline void encode_ones(Encoder *encoder, unsigned
> int n)
>      unsigned int count;
>  
>      for (count = n >> 5; count; count--) {
> -        encode(encoder, ~0U, 32);
> +        encode_32(encoder, ~0U);
>      }
>  
>      if ((n &= 0x1f)) {
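
Review bot: the `for (count = n >> 5; count; count--)` loop now relies on encode_32 for every full word, but nothing at the call site records that encode() rejects a length of 32 (`spice_assert(len > 0 && len < 32)`), so a later cleanup could put `encode(encoder, ~0U, 32)` back. A one-line comment above the loop stating that constraint would help. The remainder branch is safe as far as the visible context shows, since `n &= 0x1f` being non-zero leaves n in 1..31, which is inside the asserted range. The commit message names a concrete reproducer (an 85000x4 single-colour image) and the assert is reachable from image dimensions and content, so a regression test that encodes such an image would be worth adding with this change.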

