mirror of
https://gitlab.uni-freiburg.de/opensourcevdi/spice-gtk
synced 2026-02-03 11:59:15 +00:00
c6da455fe6
Thanks to ASAN, I found this off-by-one memory access in the unix2dos
code:
/util/unix2dos: =================================================================
==23589==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000dd2f at pc 0x00000040428e bp 0x7ffd6fc31b90 sp 0x7ffd6fc31b80
READ of size 1 at 0x60200000dd2f thread T0
#0 0x40428d in spice_convert_newlines /home/elmarco/src/spice/spice-gtk/src/spice-util.c:355
#1 0x40443a in spice_unix2dos /home/elmarco/src/spice/spice-gtk/src/spice-util.c:382
#2 0x401eae in test_unix2dos /home/elmarco/src/spice/spice-gtk/tests/util.c:69
#3 0x7fb8bcd81983 (/lib64/libglib-2.0.so.0+0x6e983)
#4 0x7fb8bcd81b4e (/lib64/libglib-2.0.so.0+0x6eb4e)
#5 0x7fb8bcd81d5d in g_test_run_suite (/lib64/libglib-2.0.so.0+0x6ed5d)
#6 0x7fb8bcd81d80 in g_test_run (/lib64/libglib-2.0.so.0+0x6ed80)
#7 0x402cce in main /home/elmarco/src/spice/spice-gtk/tests/util.c:207
#8 0x7fb8bc755730 in __libc_start_main (/lib64/libc.so.6+0x20730)
#9 0x401818 in _start (/home/elmarco/src/spice/spice-gtk/tests/util+0x401818)
0x60200000dd2f is located 1 bytes to the left of 4-byte region [0x60200000dd30,0x60200000dd34)
allocated by thread T0 here:
#0 0x7fb8c10421d0 in realloc (/lib64/libasan.so.3+0xc71d0)
#1 0x7fb8bcd61f1f in g_realloc (/lib64/libglib-2.0.so.0+0x4ef1f)
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/elmarco/src/spice/spice-gtk/src/spice-util.c:355 in spice_convert_newlines
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||
|---|---|---|
| build-aux | ||
| data | ||
| doc | ||
| m4 | ||
| man | ||
| po | ||
| spice-common@1c97fea956 | ||
| src | ||
| tests | ||
| vapi | ||
| .gitmodules | ||
| .mailmap | ||
| AUTHORS | ||
| autogen.sh | ||
| configure.ac | ||
| COPYING | ||
| git.mk | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| spice-client-glib-2.0.pc.in | ||
| spice-client-gtk-3.0.pc.in | ||
| spice-controller.pc.in | ||
| TODO | ||
spice-gtk
=========
A Gtk client and libraries for SPICE remote desktop servers.
Please report bugs at: spice-devel@lists.freedesktop.org
Project content
---------------
libspice-client-glib-2.0
provides glib objects for spice protocol decoding and surface rendering.
* SpiceSession (see spice-session.h).
* SpiceChannel (see spice-channel.h).
* SpiceAudio (see spice-audio.h).
* Various Spice<Type>Channel (see channel-<type>.h).
libspice-client-gtk-3.0
provides gtk widget to show spice display and accept user input.
* SpiceDisplay (see spice-widget.h)
spicy
a gtk test client. The recommended client for end user is
virt-viewer (http://git.fedorahosted.org/cgit/virt-viewer.git/)
spicy-screenshot
Command line tool, connects to spice server and writes out a
screen shot.
spicy-stats
Command line tool, connects to spice server and writes out a
summary of connection details, amount of bytes transferred...
SpiceClientGlib and SpiceClientGtk GObject-introspection modules.
Build dependencies:
------------------
. On Fedora use:
dnf builddep spice-gtk
. or install:
gtk3-devel spice-protocol intltool
openssl-devel pulseaudio-libs-devel pixman-devel
gobject-introspection-devel libjpeg-turbo-devel zlib-devel
cyrus-sasl-devel gtk-doc
. The GStreamer backend needs:
gstreamer1-devel gstreamer1-plugins-base-devel gstreamer1-plugins-good gstreamer1-plugins-bad-free
. If you build from git, you'll also need:
libtool automake vala vala-tools perl-Text-CSV