[Spice-devel] [PATCH spice-server 05/16] test-display-base: Avoid global buffer overflow

Frediano Ziglio fziglio at redhat.com
Mon Sep 4 10:57:13 UTC 2017


For some reasons (documented in cursor_init) the function
uses 128 bytes more of data causing a reading buffer overflow.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
Is it still valid the reason or the buffer should be just the right
size? Was it a old client bug?
---
 server/tests/test-display-base.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c
index f77f9659..ed62a607 100644
--- a/server/tests/test-display-base.c
+++ b/server/tests/test-display-base.c
@@ -694,7 +694,7 @@ static void release_resource(SPICE_GNUC_UNUSED QXLInstance *qin,
 
 static struct {
     QXLCursor cursor;
-    uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4]; // 32bit per pixel
+    uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4 + 128]; // 32bit per pixel
 } cursor;
 
 static void cursor_init(void)
-- 
2.13.5



More information about the Spice-devel mailing list