diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2016-12-07 13:55:11 +0300 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-01-10 08:14:20 +0100 |
commit | c952b71582e2e4be286087ad34de5e3ec1b8d974 (patch) | |
tree | 4213da6c48cc26c8b9d686a0dcad427ef1362501 /ui/gtk.c | |
parent | 6250dff39a358a5f61cbaf085bf8be739a6c73f3 (diff) | |
download | qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.zip qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.tar.gz qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.tar.bz2 |
gtk: avoid oob array access
When too many consoles are created, vcs[] may be write out-of-bounds.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'ui/gtk.c')
-rw-r--r-- | ui/gtk.c | 5 |
1 files changed, 5 insertions, 0 deletions
@@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp) ChardevCommon *common = qapi_ChardevVC_base(vc); CharDriverState *chr; + if (nb_vcs == MAX_VCS) { + error_setg(errp, "Maximum number of consoles reached"); + return NULL; + } + chr = qemu_chr_alloc(common, errp); if (!chr) { return NULL; |