|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen-unstable] [HVM] Avoid buffer overrun in qemu-dm
# HG changeset patch
# User Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
# Node ID 72ce74a680d7a3d63f62b29d7e1ef844d55ffe32
# Parent ffbd9e4668a6cfd3c936c7344c194afe368f2642
[HVM] Avoid buffer overrun in qemu-dm
The array offset in set_bits_in_row here comes from an otherwise un-checked
VNC client request.
Signed-off-by: Tim Deegan <Tim.Deegan@xxxxxxxxxxxxx>
---
tools/ioemu/vnc.c | 2 ++
1 files changed, 2 insertions(+)
diff -r ffbd9e4668a6 -r 72ce74a680d7 tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c Wed Oct 25 10:59:00 2006 +0100
+++ b/tools/ioemu/vnc.c Wed Oct 25 11:39:57 2006 +0100
@@ -203,6 +203,8 @@ static void set_bits_in_row(VncState *vs
mask = ~(0ULL);
h += y;
+ if (h > vs->ds->height)
+ h = vs->ds->height;
for (; y < h; y++)
row[y] |= mask;
}
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |