[Spice-devel] [PATCH spice-server 05/16] test-display-base: Avoid global buffer overflow
Christophe Fergeau
cfergeau at redhat.com
Wed Sep 6 15:39:13 UTC 2017
On Mon, Sep 04, 2017 at 11:57:13AM +0100, Frediano Ziglio wrote:
> For some reasons (documented in cursor_init) the function
> uses 128 bytes more of data causing a reading buffer overflow.
128 extra bytes of data ?
Acked-by: Christophe Fergeau <cfergeau at redhat.com>
>
> Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
> ---
> Is it still valid the reason or the buffer should be just the right
> size? Was it a old client bug?
> ---
> server/tests/test-display-base.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c
> index f77f9659..ed62a607 100644
> --- a/server/tests/test-display-base.c
> +++ b/server/tests/test-display-base.c
> @@ -694,7 +694,7 @@ static void release_resource(SPICE_GNUC_UNUSED QXLInstance *qin,
>
> static struct {
> QXLCursor cursor;
> - uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4]; // 32bit per pixel
> + uint8_t data[CURSOR_WIDTH * CURSOR_HEIGHT * 4 + 128]; // 32bit per pixel
> } cursor;
>
> static void cursor_init(void)
> --
> 2.13.5
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list