ui: avoid risk of 32-bit int overflow in VNC buffer check - bwlp/qemu.git - Experimental fork of QEMU with video encoding patches

diff options

author	Daniel P. Berrangé	2018-02-05 12:49:35 +0100
committer	Gerd Hoffmann	2018-02-16 12:33:02 +0100
commit	dffa1de071aa956308172170107b7b60d99bf34b (patch)
tree	35de430dfbd92dd728d336c34b7b0b85891cb3f4 /ui/vnc-auth-sasl.c
parent	sdl2: fix mouse grab (diff)
download	qemu-dffa1de071aa956308172170107b7b60d99bf34b.tar.gz qemu-dffa1de071aa956308172170107b7b60d99bf34b.tar.xz qemu-dffa1de071aa956308172170107b7b60d99bf34b.zip

ui: avoid risk of 32-bit int overflow in VNC buffer check

For very large framebuffers, it is theoretically possible for the result of 'vs->throttle_output_offset * VNC_THROTTLE_OUTPUT_LIMIT_SCALE' to exceed the size of a 32-bit int. For this to happen in practice, the video RAM would have to be set to a large enough value, which is not likely today. None the less we can be paranoid against future growth by using division instead of multiplication when checking the limits. Reported-by: Laszlo Ersek <lersek@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20180205114938.15784-2-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>

Diffstat (limited to 'ui/vnc-auth-sasl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: