diff options
author | Gerd Hoffmann <kraxel@redhat.com> | 2017-01-24 10:00:28 +0100 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-01-31 08:52:52 +0100 |
commit | eebe0b7905642a986cbce7406d6ab7bf78f3e210 (patch) | |
tree | 8daffe2c375b3f097a0c1314a02a15092f5e5d42 /ui/vnc.c | |
parent | 51e0b654539d587f09fc23074d1ae2a9c7747b06 (diff) | |
download | qemu-eebe0b7905642a986cbce7406d6ab7bf78f3e210.zip qemu-eebe0b7905642a986cbce7406d6ab7bf78f3e210.tar.gz qemu-eebe0b7905642a986cbce7406d6ab7bf78f3e210.tar.bz2 |
vnc: fix overflow in vnc_update_stats
Commit "bea60dd ui/vnc: fix potential memory corruption issues" is
incomplete. vnc_update_stats must calculate width and height the same
way vnc_refresh_server_surface does it, to make sure we don't use width
and height values larger than the qemu vnc server can handle.
Commit "e22492d ui/vnc: disable adaptive update calculations if not
needed" masks the issue in the default configuration. It triggers only
in case the "lossy" option is set to "on" (default is "off").
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 1485248428-575-1-git-send-email-kraxel@redhat.com
Diffstat (limited to 'ui/vnc.c')
-rw-r--r-- | ui/vnc.c | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -2724,8 +2724,10 @@ static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) { - int width = pixman_image_get_width(vd->guest.fb); - int height = pixman_image_get_height(vd->guest.fb); + int width = MIN(pixman_image_get_width(vd->guest.fb), + pixman_image_get_width(vd->server)); + int height = MIN(pixman_image_get_height(vd->guest.fb), + pixman_image_get_height(vd->server)); int x, y; struct timeval res; int has_dirty = 0; |