aboutsummaryrefslogtreecommitdiff
path: root/ui/gtk.c
diff options
context:
space:
mode:
authorMarc-André Lureau <marcandre.lureau@redhat.com>2016-12-07 13:55:11 +0300
committerGerd Hoffmann <kraxel@redhat.com>2017-01-10 08:14:20 +0100
commitc952b71582e2e4be286087ad34de5e3ec1b8d974 (patch)
tree4213da6c48cc26c8b9d686a0dcad427ef1362501 /ui/gtk.c
parent6250dff39a358a5f61cbaf085bf8be739a6c73f3 (diff)
downloadqemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.zip
qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.tar.gz
qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.tar.bz2
gtk: avoid oob array access
When too many consoles are created, vcs[] may be write out-of-bounds. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'ui/gtk.c')
-rw-r--r--ui/gtk.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/ui/gtk.c b/ui/gtk.c
index 356f400..86368e3 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp)
ChardevCommon *common = qapi_ChardevVC_base(vc);
CharDriverState *chr;
+ if (nb_vcs == MAX_VCS) {
+ error_setg(errp, "Maximum number of consoles reached");
+ return NULL;
+ }
+
chr = qemu_chr_alloc(common, errp);
if (!chr) {
return NULL;