[Spice-devel] [vdagent-win PATCH] Prevent possible future buffer overflow

Christophe de Dinechin cdupontd at redhat.com
Wed Jul 26 07:28:35 UTC 2017


> On 26 Jul 2017, at 09:21, Frediano Ziglio <fziglio at redhat.com> wrote:
> 
> event_type should come only with specific values but
> this in theory can change in the future.
> To prevent overflows (just for logging) check value size
> against lookup array.
> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> vdservice/vdservice.cpp | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/vdservice/vdservice.cpp b/vdservice/vdservice.cpp
> index 329f9c2..ec6243e 100644
> --- a/vdservice/vdservice.cpp
> +++ b/vdservice/vdservice.cpp
> @@ -284,7 +284,8 @@ DWORD WINAPI VDService::control_handler(DWORD control, DWORD event_type, LPVOID
>         break;
>     case SERVICE_CONTROL_SESSIONCHANGE: {
>         DWORD session_id = ((WTSSESSION_NOTIFICATION*)event_data)->dwSessionId;
> -        vd_printf("Session %lu %s", session_id, session_events[event_type]);
> +        vd_printf("Session %lu %s", session_id,
> +                  event_type < ARRAYSIZE(session_events) ? session_events[event_type]: "unknown");
>         SetServiceStatus(s->_status_handle, &s->_status);
>         if (event_type == WTS_CONSOLE_CONNECT) {
>             s->_session_id = session_id;

Ack

> -- 
> 2.13.3
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel



More information about the Spice-devel mailing list