pxcloud/spice-common
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice-common synced 2025-12-31 19:45:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

quic: avoid crash on specific images

Browse Source 
encodes_ones is called to encode a long sequence of 1 bits.
In some conditions (I manage to reproduce with a 85000x4 pixel
image fill with a single color) encodes_ones is called with a
"n" value >= 32.
This cause encode to be called with a "len" value of 32 which
trigger this assert:

   spice_assert(len > 0 && len < 32);

causing a crash. Instead of calling encode with a constant
"len" as 32 call encode_32 which is supposed to encode
exactly 32 bit.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
This commit is contained in:
Frediano Ziglio 2017-08-09 16:23:53 +01:00
parent 429ad96537
commit 70d4739ce2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common/quic.c
View File

@ -507,7 +507,7 @@ static inline void encode_ones(Encoder *encoder, unsigned int n)
unsigned int count;
for (count = n >> 5; count; count--) {
encode(encoder, ~0U, 32);
encode_32(encoder, ~0U);
}
if ((n &= 0x1f)) {