[Spice-devel] [PATCH spice-server v3 1/5] smartcard: Fix copying remaining request
Frediano Ziglio
fziglio at redhat.com
Wed Oct 9 09:22:58 UTC 2019
Use memmove instead of memcpy as the buffer can overlap if the second
request if bigger than the first.
"buf_pos" points to the point of the buffer after we read, if we want
the first part of the next request is "buf_pos - remaining".
Same consideration setting "buf_pos" for the next iteration.
Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
server/smartcard.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/smartcard.c b/server/smartcard.c
index 4c5bba07d..bf5e90520 100644
--- a/server/smartcard.c
+++ b/server/smartcard.c
@@ -150,9 +150,9 @@ static RedPipeItem *smartcard_read_msg_from_device(RedCharDevice *self,
msg_to_client = smartcard_char_device_on_message_from_device(dev, vheader);
remaining = dev->priv->buf_used - sizeof(VSCMsgHeader) - actual_length;
if (remaining > 0) {
- memcpy(dev->priv->buf, dev->priv->buf_pos, remaining);
+ memmove(dev->priv->buf, dev->priv->buf_pos - remaining, remaining);
}
- dev->priv->buf_pos = dev->priv->buf;
+ dev->priv->buf_pos = dev->priv->buf + remaining;
dev->priv->buf_used = remaining;
if (msg_to_client) {
return &msg_to_client->base;
--
2.21.0
More information about the Spice-devel
mailing list