[Spice-devel] [PATCH spice-server 05/16] test-display-base: Avoid global buffer overflow

Christophe Fergeau cfergeau at redhat.com
Wed Sep 6 15:39:13 UTC 2017


On Mon, Sep 04, 2017 at 11:57:13AM +0100, Frediano Ziglio wrote:
> For some reason (documented in cursor_init) the function
> uses 128 bytes more of data causing a reading buffer overflow.

128 extra bytes of data?

Acked-by: Christophe Fergeau <cfergeau at redhat.com>

> 
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> Is the reason still valid, or should the buffer be just the right
> size? Was it an old client bug?
> ---
>  server/tests/test-display-base.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c
> index f77f9659..ed62a607 100644
> --- a/server/tests/test-display-base.c
> +++ b/server/tests/test-display-base.c
> @@ -694,7 +694,7 @@ static void release_resource(SPICE_GNUC_UNUSED QXLInstance *qin,
>  
>  static struct {
>      QXLCursor cursor;
> -    uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4]; // 32bit per pixel
> +    uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4 + 128]; // 32bit per pixel
>  } cursor;
>  
>  static void cursor_init(void)
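
Review bot: the `+ 128` in the `data` array size is a bare magic number, and the trailing comment `// 32bit per pixel` now describes only part of the expression. Per the commit message the reason for the extra bytes is documented in cursor_init, so the declaration and that function have to agree on the value. Consider a named constant (for example a hypothetical `CURSOR_EXTRA_DATA`) used in both places, with a comment at the declaration pointing to the explanation in cursor_init, so a later change to one side cannot silently reintroduce the out-of-bounds read. The question in the patch notes, whether the extra 128 bytes are still needed at all, is worth settling before merging: if they are not, sizing the read to the buffer is the tighter fix than growing the buffer.
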
> -- 
> 2.13.5
> 