pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 22:48:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Avoid race condition copying segments in red_get_path

Browse Source 
The guest can attempt to increase the number of segments while
spice-server is reading them.
Make sure we don't copy more then the allocated segments.

Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
This commit is contained in:
Frediano Ziglio 2015-09-15 16:38:23 +01:00
parent 2693e0497e
commit 2b6695f122
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/red_parse_qxl.c
View File

@ -272,7 +272,7 @@ static SpicePath *red_get_path(RedMemSlotInfo *slots, int group_id,
seg = (SpicePathSeg*)&red->segments[n_segments];
n_segments = 0;
mem_size2 = sizeof(*red);
while (start+1 < end) {
while (start+1 < end && n_segments < red->num_segments) {
red->segments[n_segments++] = seg;
count = start->count;