mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice-common
synced 2025-12-26 22:55:35 +00:00
a69fb1ec34
Make code safe using both 32 and 64 bit machine. Consider that this code can be compiled for machines with 32 bit. There are some arrays length which are 32 bit. If size_t this can cause easily an overflow. For instance message_len sending SPICE_MSG_NOTIFY messages are 32 bit and code add a small constant (currently 24) before doing the test for size. Now passing (uint32_t) -20 as message_len would lead to a size of 4 after the addition. This overflow does not happen on 64 bit machine as the length is converted to size_t. There are also some array length where some item are bigger than 1 byte. For instance SPICE_MAIN_CHANNELS_LIST message have a number of channels and each channel is composed by 2 bytes. Now the code generated try to do length * 2 where length is still a 32 bit so if we put a value like 0x80000002u we get 4 as length. This will cause an overflow as code will allocate very few bytes but try to fill with a huge number of elements. This overflow happen in both 32 and 64 bit machine. To avoid all these possible overflows this patch use only 64 bit for nelements (number of elements), nw_size (network size) and mem_size (memory size needed) checking the sizes to avoid other overflows (like pointers conversions under 32 bit machines). Signed-off-by: Frediano Ziglio <fziglio@redhat.com> Acked-by: Christophe de Dinechin <dinechin@redhat.com> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| codegen.py | ||
| demarshal.py | ||
| Makefile.am | ||
| marshal.py | ||
| ptypes.py | ||
| spice_parser.py | ||