source: trunk/packages/xen-3.1/xen-3.1/tools/ioemu/patches/vnc-protocol-fixes @ 34

Last change on this file since 34 was 34, checked in by hartmans, 18 years ago

Add xen and xen-common

1# HG changeset patch
2# User Steven Smith <ssmith@xensource.com>
3# Node ID ca3abb3804f4400b24037a4366cb2ca5e51ed742
4# Parent  7fca81d456b2cb40d4effe2492f7ed1aafd32f52
5[HVM][VNC] Make sure that qemu doesn't go into an infinite loop when
6it receives certain invalid requests from the viewer.
7
8Signed-off-by: Steven Smith <sos22@cam.ac.uk>
9
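--- a/ioemu/vnc.c
+++ b/ioemu/vnc.c
@@ -26,6 +26,7 @@
 
 #include "vl.h"
 #include "qemu_socket.h"
+#include <assert.h>
 
 #define VNC_REFRESH_INTERVAL (1000 / 30)
 
@@ -679,8 +680,10 @@
            memmove(vs->input.buffer, vs->input.buffer + len,
                    vs->input.offset - len);
            vs->input.offset -= len;
-       } else
+       } else {
+           assert(ret > vs->read_handler_expect);
            vs->read_handler_expect = ret;
+       }
     }
 }
 
@@ -963,8 +966,12 @@
        if (len == 1)
            return 4;
 
-       if (len == 4)
-           return 4 + (read_u16(data, 2) * 4);
+       if (len == 4) {
+           uint16_t v;
+           v = read_u16(data, 2);
+           if (v)
+               return 4 + v * 4;
+       }
 
        limit = read_u16(data, 2);
        for (i = 0; i < limit; i++) {
@@ -998,8 +1005,12 @@
        if (len == 1)
            return 8;
 
-       if (len == 8)
-           return 8 + read_u32(data, 4);
+       if (len == 8) {
+           uint32_t v;
+           v = read_u32(data, 4);
+           if (v)
+               return 8 + v;
+       }
 
        client_cut_text(vs, read_u32(data, 4), data + 8);
        break;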
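Review bot: The `assert(ret > vs->read_handler_expect);` added in the second hunk turns a handler returning a non-increasing length into an abort of the whole emulator process rather than a dropped connection, so malformed viewer input that used to hang qemu could now terminate it, and a build with NDEBUG compiles the check out and brings the loop back. An explicit test such as `if (ret <= vs->read_handler_expect) { /* protocol error: disconnect this client */ }` keeps the failure scoped to the one viewer. The last hunk feeds that check: `return 8 + v;` takes `v` straight from the viewer with no upper bound, so the sum can wrap or exceed what the handler's return type holds (its declaration is outside the hunk), and a large value presumably makes the input buffer grow to match; rejecting lengths above a fixed cap before returning would close both cases. The enclosing functions begin and end outside these hunks.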