 Home |
About Xen.org |
Xen |
Xen Summit |
Wiki |
Mailing List |
Bug Tracker |
Xen Downloads |
xen-changelog
[Xen-changelog] [xen-unstable] [HVM][VNC] Make sure that qemu doesn't go
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-unstable] [HVM][VNC] Make sure that qemu doesn't go into an infinite loop when |
| From: | Xen patchbot-unstable <patchbot-unstable@xxxxxxxxxxxxxxxxxxx> |
| Date: | Tue, 26 Sep 2006 17:40:12 +0000 |
| Delivery-date: | Tue, 26 Sep 2006 10:41:00 -0700 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Steven Smith <ssmith@xxxxxxxxxxxxx>
# Node ID ca3abb3804f4400b24037a4366cb2ca5e51ed742
# Parent 7fca81d456b2cb40d4effe2492f7ed1aafd32f52
[HVM][VNC] Make sure that qemu doesn't go into an infinite loop when
it receives certain invalid requests from the viewer.
Signed-off-by: Steven Smith <sos22@xxxxxxxxx>
---
tools/ioemu/vnc.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
diff -r 7fca81d456b2 -r ca3abb3804f4 tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c Tue Sep 26 16:45:52 2006 +0100
+++ b/tools/ioemu/vnc.c Tue Sep 26 16:46:47 2006 +0100
@@ -26,6 +26,7 @@
#include "vl.h"
#include "qemu_socket.h"
+#include <assert.h>
/* The refresh interval starts at BASE. If we scan the buffer and
find no change, we increase by INC, up to MAX. If the mouse moves
@@ -728,8 +729,10 @@ static void vnc_client_read(void *opaque
memmove(vs->input.buffer, vs->input.buffer + len,
vs->input.offset - len);
vs->input.offset -= len;
- } else
+ } else {
+ assert(ret > vs->read_handler_expect);
vs->read_handler_expect = ret;
+ }
}
}
@@ -1076,8 +1079,12 @@ static int protocol_client_msg(VncState
if (len == 1)
return 4;
- if (len == 4)
- return 4 + (read_u16(data, 2) * 4);
+ if (len == 4) {
+ uint16_t v;
+ v = read_u16(data, 2);
+ if (v)
+ return 4 + v * 4;
+ }
limit = read_u16(data, 2);
for (i = 0; i < limit; i++) {
@@ -1117,8 +1124,12 @@ static int protocol_client_msg(VncState
if (len == 1)
return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
+ if (len == 8) {
+ uint32_t v;
+ v = read_u32(data, 4);
+ if (v)
+ return 8 + 4;
+ }
client_cut_text(vs, read_u32(data, 4), data + 8);
break;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-unstable] [HVM] Make qemu_advance_timer do something sensible with timers which, Xen patchbot-unstable |
|---|---|
| Next by Date: | [Xen-changelog] [xen-unstable] [HVM][VNC] Work around a bug in the newest version of xvncviewer which, Xen patchbot-unstable |
| Previous by Thread: | [Xen-changelog] [xen-unstable] [HVM] Make qemu_advance_timer do something sensible with timers which, Xen patchbot-unstable |
| Next by Thread: | [Xen-changelog] [xen-unstable] [HVM][VNC] Work around a bug in the newest version of xvncviewer which, Xen patchbot-unstable |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
xen.org, 