Google Git
Sign in
qemu / qemu / cf0706581bc0c24ab2e9a81ff0fc3efa9482c812
commitcf0706581bc0c24ab2e9a81ff0fc3efa9482c812[log] [tgz]
authorDaniel P. Berrangé <berrange@redhat.com>Mon Feb 05 11:49:37 2018 +0000
committerGerd Hoffmann <kraxel@redhat.com>Fri Feb 16 12:33:02 2018 +0100
treee3cb993a75f3bc55d57c64ab8a884418edc547f6
parent52c7c9d076dc64a6d3f1938b5a4994f84744c7fa [diff]
ui: check VNC audio frequency limit at time of reading from client

The 'vs->as.freq' value is a signed integer, which is read from an
unsigned 32-bit int field on the wire. There is thus a risk of overflow
on 32-bit platforms. Move the frequency limit checking to be done at
time of read before casting to a signed integer.

Reported-by: Laszlo Ersek <lersek@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20180205114938.15784-4-berrange@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
1 file changed
tree: e3cb993a75f3bc55d57c64ab8a884418edc547f6
  1. accel/
  2. audio/
  3. backends/
  4. block/
  5. bsd-user/
  6. chardev/
  7. contrib/
  8. crypto/
  9. default-configs/
  10. disas/
  11. docs/
  12. fpu/
  13. fsdev/
  14. gdb-xml/
  15. hw/
  16. include/
  17. io/
  18. libdecnumber/
  19. linux-headers/
  20. linux-user/
  21. migration/
  22. nbd/
  23. net/
  24. pc-bios/
  25. po/
  26. qapi/
  27. qga/
  28. qobject/
  29. qom/
  30. replay/
  31. roms/
  32. scripts/
  33. scsi/
  34. slirp/
  35. stubs/
  36. target/
  37. tcg/
  38. tests/
  39. trace/
  40. ui/
  41. util/
  42. capstone
  43. dtc
  44. .dir-locals.el
  45. .editorconfig
  46. .exrc
  47. .gdbinit
  48. .gitignore
  49. .gitmodules
  50. .mailmap
  51. .shippable.yml
  52. .travis.yml
  53. arch_init.c
  54. balloon.c
  55. block.c
  56. blockdev-nbd.c
  57. blockdev.c
  58. blockjob.c
  59. bootdevice.c
  60. bt-host.c
  61. bt-vhci.c
  62. Changelog
  63. CODING_STYLE
  64. configure
  65. COPYING
  66. COPYING.LIB
  67. COPYING.PYTHON
  68. cpus-common.c
  69. cpus.c
  70. device-hotplug.c
  71. device_tree.c
  72. disas.c
  73. dma-helpers.c
  74. dump.c
  75. exec.c
  76. gdbstub.c
  77. HACKING
  78. hmp-commands-info.hx
  79. hmp-commands.hx
  80. hmp.c
  81. hmp.h
  82. ioport.c
  83. iothread.c
  84. LICENSE
  85. MAINTAINERS
  86. Makefile
  87. Makefile.objs
  88. Makefile.target
  89. memory.c
  90. memory_ldst.inc.c
  91. memory_mapping.c
  92. module-common.c
  93. monitor.c
  94. numa.c
  95. os-posix.c
  96. os-win32.c
  97. qapi-schema.json
  98. qdev-monitor.c
  99. qdict-test-data.txt
  100. qemu-bridge-helper.c
  101. qemu-doc.texi
  102. qemu-ga.texi
  103. qemu-img-cmds.hx
  104. qemu-img.c
  105. qemu-img.texi
  106. qemu-io-cmds.c
  107. qemu-io.c
  108. qemu-keymap.c
  109. qemu-nbd.c
  110. qemu-nbd.texi
  111. qemu-option-trace.texi
  112. qemu-options-wrapper.h
  113. qemu-options.h
  114. qemu-options.hx
  115. qemu-seccomp.c
  116. qemu-tech.texi
  117. qemu.nsi
  118. qemu.sasl
  119. qmp.c
  120. qtest.c
  121. README
  122. replication.c
  123. replication.h
  124. rules.mak
  125. thunk.c
  126. tpm.c
  127. trace-events
  128. VERSION
  129. version.rc
  130. vl.c