[Spice-devel] [PATCH spice-server 1/2] Avoid integer overflow for Drawable::refs field
Frediano Ziglio
fziglio at redhat.com
Wed Jan 4 13:35:14 UTC 2017
This fixes a regression caused by
a43c21b6bcdda701763afb6d73e38a3c419e54c7
("DCC: change how fill_bits() marshalls data by reference").
Before the mentioned patch the number of references to the Drawable
structure was really small, so a uint8_t was enough.
Now that every chunk of the image is accounted for, you can easily
get an overflow.
This fixes https://bugs.freedesktop.org/show_bug.cgi?id=99258.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/display-channel.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/display-channel.h b/server/display-channel.h
index 715ad1a..5ecc5c3 100644
--- a/server/display-channel.h
+++ b/server/display-channel.h
@@ -81,7 +81,7 @@ typedef struct DependItem {
} DependItem;
struct Drawable {
- uint8_t refs;
+ uint32_t refs;
RingItem surface_list_link;
RingItem list_link;
DrawItem tree_item;
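Review bot: the widened `refs` field in `struct Drawable` still has no comment explaining why it needs 32 bits, and nothing here guards the counter against wrapping. Since the commit message says every image chunk now takes a reference, a short comment on the field stating that would keep someone from shrinking it again later. Widening only raises the ceiling: a reference count that wraps to zero frees the object while references remain, so consider an assertion or saturation check at the point where the count is incremented (not visible in this hunk), so a future accounting change fails loudly instead of turning into a use-after-free. It is also worth confirming that nothing else stores or compares this count through an 8-bit type.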
--
2.9.3