aboutsummaryrefslogtreecommitdiff
path: root/vnc.c
diff options
context:
space:
mode:
authorths <ths@c046a42c-6fe2-441c-8c8c-71466251a162>2007-09-13 12:41:42 +0000
committerths <ths@c046a42c-6fe2-441c-8c8c-71466251a162>2007-09-13 12:41:42 +0000
commitbaa7666c74e7495c0982afe2a566aabcd4dbe1ac (patch)
tree42a32819ae3d93d64302c2d481fbcdd43ef5c293 /vnc.c
parentb7ffa3b1d25f2c68e851dc65fbfd97762f6c1748 (diff)
downloadqemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.zip
qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.tar.gz
qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.tar.bz2
Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'vnc.c')
-rw-r--r--vnc.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/vnc.c b/vnc.c
index 6490698..75e4fc9 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1195,8 +1195,11 @@ static int protocol_client_msg(VncState *vs, char *data, size_t len)
if (len == 1)
return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
+ if (len == 8) {
+ uint32_t dlen = read_u32(data, 4);
+ if (dlen > 0)
+ return 8 + dlen;
+ }
client_cut_text(vs, read_u32(data, 4), data + 8);
break;