From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1LSV1F-0000ur-E0 for qemu-devel@nongnu.org; Thu, 29 Jan 2009 06:25:13 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1LSV1D-0000tx-OQ for qemu-devel@nongnu.org; Thu, 29 Jan 2009 06:25:12 -0500
Received: from [199.232.76.173] (port=32844 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1LSV1D-0000tf-80 for qemu-devel@nongnu.org; Thu, 29 Jan 2009 06:25:11 -0500
Received: from ns.suse.de ([195.135.220.2]:50939 helo=mx1.suse.de) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1LSV1B-0001b3-MS for qemu-devel@nongnu.org; Thu, 29 Jan 2009 06:25:10 -0500
From: Alexander Graf
Date: Thu, 29 Jan 2009 12:24:55 +0100
Message-Id: <1233228298-4844-5-git-send-email-agraf@suse.de>
In-Reply-To: <1233228298-4844-4-git-send-email-agraf@suse.de>
References: <1233228298-4844-1-git-send-email-agraf@suse.de> <1233228298-4844-2-git-send-email-agraf@suse.de> <1233228298-4844-3-git-send-email-agraf@suse.de> <1233228298-4844-4-git-send-email-agraf@suse.de>
Subject: [Qemu-devel] [PATCH 4/7] Make vnc buffer big-chunk aware
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
To: qemu-devel@nongnu.org

Currently writing to buffers is protected by buffer_reserve. Unfortunately, it reserves at most 1024 bytes more than we currently have, so if we want to write a 2048-byte chunk, we overwrite random memory.

This patch addresses this in a pretty dumb but easy way.

Signed-off-by: Alexander Graf
---
 vnc.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/vnc.c b/vnc.c
index 4b17f85..d0d9580 100644
--- a/vnc.c
+++ b/vnc.c
@@ -592,7 +592,7 @@ static int vnc_listen_poll(void *opaque) static void buffer_reserve(Buffer *buffer, size_t len) { - if ((buffer->capacity - buffer->offset) < len) { + while ((buffer->capacity - buffer->offset) < len) { buffer->capacity += (len + 1024); buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity); if (buffer->buffer == NULL) { -- 1.6.0.2
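Review bot: the `while` in this hunk can never execute more than once, so replacing the `if` does not change behaviour. Each pass does `buffer->capacity += (len + 1024)`, so after a single pass `buffer->capacity - buffer->offset` is at least `len + 1024`, which already satisfies the original `if`; a second iteration is unreachable. If 2048-byte chunks are still overrunning the buffer, the cause must be a caller that reserves less than it then writes, and the fix belongs at that call site (passing the real chunk length to `buffer_reserve`) rather than in this function. Two smaller points while these lines are being touched: assigning the `qemu_realloc` result straight into `buffer->buffer` discards the old pointer if the call returns NULL, so the `if (buffer->buffer == NULL)` that follows can no longer free or reuse the previous allocation; and growing by `len + 1024` on every miss, rather than by a multiple of the current capacity, means a long run of small writes reallocates roughly once per KiB.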
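The failure the commit message describes is a reserve step that can hand back less room than the next write needs, followed by a write that trusts it. As an added example (editor's code, not QEMU's vnc.c), the block below builds a growable buffer in the same shape as the patch's `Buffer`, with a `buffer_reserve` that guarantees `offset + len` fits, rejects arithmetic wrap, and leaves the old allocation intact on failure, and a `buffer_write` that re-checks the free space itself so an under-reserving caller cannot run past the allocation. The field names mirror the patch; the geometric growth policy, the overflow checks, the return-code convention and the 2048-byte sample chunk are assumptions of this example.

```c
/*
 * Added example, not QEMU code: a growable byte buffer whose reserve step
 * guarantees room for the requested length and whose write step refuses
 * to run past capacity. Field names mirror the vnc.c Buffer; growth policy,
 * overflow checks and return codes are this example's own assumptions.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct Buffer {
    uint8_t *buffer;
    size_t capacity;   /* bytes allocated */
    size_t offset;     /* bytes in use */
} Buffer;

/* Ensure at least `len` free bytes after offset.
 * Returns 0 on success, -1 if offset+len would wrap or allocation fails;
 * on failure the buffer is left exactly as it was. */
int buffer_reserve(Buffer *b, size_t len)
{
    if (len > SIZE_MAX - b->offset)      /* offset + len would wrap around */
        return -1;
    size_t need = b->offset + len;
    if (need <= b->capacity)
        return 0;                         /* already enough room */

    /* Grow geometrically so repeated small appends stay amortised O(1),
     * but never settle below what this request actually needs. */
    size_t new_cap = b->capacity ? b->capacity : 1024;
    while (new_cap < need) {
        if (new_cap > SIZE_MAX / 2) {     /* doubling would wrap: take exact size */
            new_cap = need;
            break;
        }
        new_cap *= 2;
    }
    uint8_t *p = realloc(b->buffer, new_cap);
    if (p == NULL)
        return -1;                        /* old block still owned by b, not leaked */
    b->buffer = p;
    b->capacity = new_cap;
    return 0;
}

/* Append `len` bytes. The reserve is re-done here so a caller that
 * reserved too little beforehand still cannot write out of bounds. */
int buffer_write(Buffer *b, const void *data, size_t len)
{
    if (buffer_reserve(b, len) != 0)
        return -1;
    memcpy(b->buffer + b->offset, data, len);
    b->offset += len;
    return 0;
}

void buffer_free(Buffer *b)
{
    free(b->buffer);
    b->buffer = NULL;
    b->capacity = b->offset = 0;
}

/* Scenario from the commit message: reserve a little, then write a chunk
 * far larger than the slack. Returns the final offset (2051) if every byte
 * landed inside the allocation, 0 on any failure. Chunk data is constructed. */
size_t demo_big_chunk(void)
{
    Buffer b = { NULL, 0, 0 };
    uint8_t chunk[2048];
    memset(chunk, 0xAB, sizeof chunk);

    if (buffer_reserve(&b, 16) != 0) return 0;            /* small initial reserve */
    if (buffer_write(&b, "hdr", 3) != 0) return 0;         /* 3 bytes */
    if (buffer_write(&b, chunk, sizeof chunk) != 0) return 0; /* 2048 more */

    size_t off = b.offset;
    int ok = b.capacity >= b.offset
          && b.buffer[3] == 0xAB
          && b.buffer[off - 1] == 0xAB;
    buffer_free(&b);
    return ok ? off : 0;
}

/* Edge case: an offset+len that would wrap is rejected and the buffer is untouched. */
int demo_overflow_rejected(void)
{
    Buffer b = { NULL, 0, SIZE_MAX - 1 };
    return buffer_reserve(&b, 16) == -1 && b.buffer == NULL && b.capacity == 0;
}

int main(void)
{
    printf("final offset: %zu, overflow rejected: %d\n",
           demo_big_chunk(), demo_overflow_rejected());
    return 0;
}
```

The point of `buffer_write` re-running the reserve is that the invariant `offset + len <= capacity` is checked where the bytes are actually copied, not where the caller guessed the size; with that in place a mis-sized reserve costs at most an extra realloc instead of a heap overwrite.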