Blame SOURCES/0002-lz-Avoid-buffer-reading-overflow-checking-for-image-.patch

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <fziglio@redhat.com>
Date: Fri, 22 Dec 2017 18:43:00 +0000
Subject: [PATCH spice-common 1/2] lz: Avoid buffer reading overflow checking
 for image type
The type of the image is just copied from network without
any check and later used for array indexing.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
---
 common/lz.c | 3 +++
 1 file changed, 3 insertions(+)
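--- a/spice-common/common/lz.c
+++ b/spice-common/common/lz.c
@@ -593,6 +593,9 @@ void lz_decode_begin(LzContext *lz, uint8_t *io_ptr, unsigned int num_io_bytes,
     }
 
     encoder->type = (LzImageType)decode_32(encoder);
+    if (encoder->type <= LZ_IMAGE_TYPE_INVALID || encoder->type > LZ_IMAGE_TYPE_A8) {
+        encoder->usr->error(encoder->usr, "invalid lz type %d\n", encoder->type);
+    }
     encoder->width = decode_32(encoder);
     encoder->height = decode_32(encoder);
     encoder->stride = decode_32(encoder);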
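Review bot: The added range check in lz_decode_begin only protects the later array indexing if `encoder->usr->error()` never returns; nothing in the hunk stops execution, so if the callback does return, decoding continues with the out-of-range `encoder->type` already stored and width, height and stride are read as before. The hunk does not show how `error` is declared, so that contract should be stated at the check, for example `/* error() must not return: type is used as an array index later */`, or the value should be validated in a local and assigned to `encoder->type` only once accepted. The upper bound also names `LZ_IMAGE_TYPE_A8` directly and will need updating if the enum gains a member. lz_decode_begin starts and ends outside the hunk.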