pxcloud/spice-common
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice-common synced 2026-01-05 08:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

lz: Avoid buffer reading overflow checking for image type

Browse Source 
The type of the image is just copied from network without
any check and later used for array indexing.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
This commit is contained in:
Frediano Ziglio 2017-12-22 18:43:00 +00:00
parent 16aa8c98d8
commit 3050b4e1f6
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/lz.c
View File

@ -593,6 +593,9 @@ void lz_decode_begin(LzContext *lz, uint8_t *io_ptr, unsigned int num_io_bytes,
}
encoder->type = (LzImageType)decode_32(encoder);
if (encoder->type <= LZ_IMAGE_TYPE_INVALID || encoder->type > LZ_IMAGE_TYPE_A8) {
encoder->usr->error(encoder->usr, "invalid lz type %d\n", encoder->type);
}
encoder->width = decode_32(encoder);
encoder->height = decode_32(encoder);
encoder->stride = decode_32(encoder);