[Spice-devel] [spice-server PATCH 1/3] red_get_surface_cmd: avoid overflow
Pavel Grunt
pgrunt at redhat.com
Mon Jul 17 07:38:47 UTC 2017
On Sun, 2017-07-16 at 18:47 +0300, Uri Lublin wrote:
> Although unlikely, theoretically, multiplying two 32-bit
> numbers may overflow.
>
> Found by coverity.
>
> Signed-off-by: Uri Lublin <uril at redhat.com>
Acked-by: Pavel Grunt <pgrunt at redhat.com>
> ---
> server/red-parse-qxl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
> index 33f36923a..0ffa5f7d4 100644
> --- a/server/red-parse-qxl.c
> +++ b/server/red-parse-qxl.c
> @@ -1397,7 +1397,7 @@ bool red_get_surface_cmd(RedMemSlotInfo *slots, int
> group_id,
> return false;
> }
>
> - size = red->u.surface_create.height * abs(red-
> >u.surface_create.stride);
> + size = red->u.surface_create.height * (uint64_t)abs(red-
> >u.surface_create.stride);
> red->u.surface_create.data =
> (uint8_t*)memslot_get_virt(slots, qxl->u.surface_create.data,
> size, group_id, &error);
> if (error) {
More information about the Spice-devel
mailing list