# HG changeset patch
# User Steven Smith <ssmith@xxxxxxxxxxxxx>
# Node ID ca3abb3804f4400b24037a4366cb2ca5e51ed742
# Parent 7fca81d456b2cb40d4effe2492f7ed1aafd32f52
[HVM][VNC] Make sure that qemu doesn't go into an infinite loop when
it receives certain invalid requests from the viewer.
Signed-off-by: Steven Smith <sos22@xxxxxxxxx>
---
tools/ioemu/vnc.c | 21 ++++++++++++++++-----
1 files changed, 16 insertions(+), 5 deletions(-)
diff -r 7fca81d456b2 -r ca3abb3804f4 tools/ioemu/vnc.c
--- a/tools/ioemu/vnc.c Tue Sep 26 16:45:52 2006 +0100
+++ b/tools/ioemu/vnc.c Tue Sep 26 16:46:47 2006 +0100
@@ -26,6 +26,7 @@
#include "vl.h"
#include "qemu_socket.h"
+#include <assert.h>
/* The refresh interval starts at BASE. If we scan the buffer and
find no change, we increase by INC, up to MAX. If the mouse moves
@@ -728,8 +729,10 @@ static void vnc_client_read(void *opaque
memmove(vs->input.buffer, vs->input.buffer + len,
vs->input.offset - len);
vs->input.offset -= len;
- } else
+ } else {
+ assert(ret > vs->read_handler_expect);
vs->read_handler_expect = ret;
+ }
}
}
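Review bot: The `assert(ret > vs->read_handler_expect)` on the else branch makes a read handler that hands back a non-increasing expectation abort() the whole device model, and a build with NDEBUG compiles the check out and brings back the spin the commit is fixing; since the handlers compute `ret` from bytes the viewer sent, a malformed message should be treated as a protocol error rather than a fatal invariant. I would replace the assert with a guarded exit, `if (ret <= vs->read_handler_expect) { /* handler would re-run on the same bytes forever */ vnc_client_error(vs); return; }` using the file's client-error path if this fork still has it, and keep `vs->read_handler_expect = ret;` for the normal case. The enclosing vnc_client_read() loop starts outside the hunk.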
@@ -1076,8 +1079,12 @@ static int protocol_client_msg(VncState
if (len == 1)
return 4;
- if (len == 4)
- return 4 + (read_u16(data, 2) * 4);
+ if (len == 4) {
+ uint16_t v;
+ v = read_u16(data, 2);
+ if (v)
+ return 4 + v * 4;
+ }
limit = read_u16(data, 2);
for (i = 0; i < limit; i++) {
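Review bot: The new `if (v)` guard is the actual fix here — when the SetEncodings count is zero the handler no longer asks for the same 4 bytes again but falls through and processes the empty list — and that deserves a comment, because a later reader will see a `len == 4` branch that sometimes does not return and assume it is an oversight. I would add above the `if (len == 4) {` line: `/* A zero encoding count would make us request exactly the 4 bytes we already have and spin; fall through and handle the (empty) message now. */`. The `4 + v * 4` arithmetic is safe since v is a uint16_t promoted to int. protocol_client_msg() starts and ends outside the hunk.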
@@ -1117,8 +1124,12 @@ static int protocol_client_msg(VncState
if (len == 1)
return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
+ if (len == 8) {
+ uint32_t v;
+ v = read_u32(data, 4);
+ if (v)
+ return 8 + 4;
+ }
client_cut_text(vs, read_u32(data, 4), data + 8);
break;
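Review bot: The `return 8 + 4;` in the ClientCutText branch looks like a typo for `return 8 + v;` — as written, a cut-text message whose length field is nonzero only ever waits for 12 bytes, so on re-entry with len == 12 both guards are skipped, client_cut_text() is handed the full length v with only 4 payload bytes buffered, and the remaining v - 4 bytes of text are then parsed as the next protocol messages, desynchronising the stream. I would change it to `return 8 + v;` and add the same fall-through comment as in the SetEncodings hunk for the v == 0 case. Note that v is a 32-bit client-supplied length that then drives how much input is buffered before the handler runs, so a sanity bound on it (rejecting absurd lengths via the client-error path) would be worth considering in the same spot; the body of protocol_client_msg() continues outside the hunk.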