diff options
author | ths <ths@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-09-13 12:41:42 +0000 |
---|---|---|
committer | ths <ths@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-09-13 12:41:42 +0000 |
commit | baa7666c74e7495c0982afe2a566aabcd4dbe1ac (patch) | |
tree | 42a32819ae3d93d64302c2d481fbcdd43ef5c293 /vnc.c | |
parent | b7ffa3b1d25f2c68e851dc65fbfd97762f6c1748 (diff) | |
download | qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.zip qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.tar.gz qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.tar.bz2 |
Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
Diffstat (limited to 'vnc.c')
-rw-r--r-- | vnc.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -1195,8 +1195,11 @@ static int protocol_client_msg(VncState *vs, char *data, size_t len) if (len == 1) return 8; - if (len == 8) - return 8 + read_u32(data, 4); + if (len == 8) { + uint32_t dlen = read_u32(data, 4); + if (dlen > 0) + return 8 + dlen; + } client_cut_text(vs, read_u32(data, 4), data + 8); break; |