From: Stefan Weil <weil@mail.berlios.de>
To: Aurelien Jarno <aurelien@aurel32.net>
Cc: Blue Swirl <blauwirbel@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Anthony Liguori <aliguori@us.ibm.com>,
qemu-devel <qemu-devel@nongnu.org>,
Corentin Chary <corentin.chary@gmail.com>
Subject: Re: [Qemu-devel] [PATCH 4/4] vnc: Limit r/w access to size of allocated memory
Date: Sun, 10 Apr 2011 08:28:02 +0200 [thread overview]
Message-ID: <4DA14DF2.1040900@mail.berlios.de> (raw)
In-Reply-To: <20110409221739.GB11487@volta.aurel32.net>
Am 10.04.2011 00:17, schrieb Aurelien Jarno:
> On Mon, Mar 21, 2011 at 09:34:38AM +0100, Corentin Chary wrote:
>> From: Stefan Weil <weil@mail.berlios.de>
>>
>> This fixes memory reads and writes which exceeded the upper limit
>> of allocated memory vd->guest.ds->data and vd->server->data.
>>
>> Cc: Anthony Liguori <aliguori@us.ibm.com>
>> Signed-off-by: Stefan Weil <weil@mail.berlios.de>
>> Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
>> ---
>> ui/vnc.c | 3 +++
>> 1 files changed, 3 insertions(+), 0 deletions(-)
>>
>> diff --git a/ui/vnc.c b/ui/vnc.c
>> index 90b6384..3138053 100644
>> --- a/ui/vnc.c
>> +++ b/ui/vnc.c
>> @@ -2414,6 +2414,9 @@ static int
>> vnc_refresh_server_surface(VncDisplay *vd)
>> * Update server dirty map.
>> */
>> cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
>> + if (cmp_bytes > vd->ds->surface->linesize) {
>> + cmp_bytes = vd->ds->surface->linesize;
>> + }
>
> What about using ds_get_linesize(vd->ds) instead?
Yes, that's better. Please either change the two lines, or
wait until I have sent a new version of the patch.
The patch should be applied to stable, too.
Thanks,
Stefan
prev parent reply other threads:[~2011-04-10 6:29 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-21 8:34 [Qemu-devel] [PATCH 0/4] VNC fixs collection Corentin Chary
2011-03-21 8:34 ` [Qemu-devel] [PATCH 1/4] vnc: tight: Fix crash after 2GB of output Corentin Chary
2011-04-09 22:22 ` Aurelien Jarno
2011-04-11 9:27 ` Corentin Chary
2011-04-11 10:05 ` Aurelien Jarno
2011-03-21 8:34 ` [Qemu-devel] [PATCH 2/4] vnc: don't mess up with iohandlers in the vnc thread Corentin Chary
2011-03-21 8:34 ` [Qemu-devel] [PATCH 3/4] fix vnc regression Corentin Chary
2011-03-21 8:43 ` [Qemu-devel] " Wen Congyang
2011-03-21 8:34 ` [Qemu-devel] [PATCH 4/4] vnc: Limit r/w access to size of allocated memory Corentin Chary
2011-04-09 22:17 ` Aurelien Jarno
2011-04-10 6:28 ` Stefan Weil [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DA14DF2.1040900@mail.berlios.de \
--to=weil@mail.berlios.de \
--cc=aliguori@us.ibm.com \
--cc=aurelien@aurel32.net \
--cc=blauwirbel@gmail.com \
--cc=corentin.chary@gmail.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.