pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-26 06:32:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

websocket: Fix possible integer overflow

Browse Source 
The shift of a uint_8 number by a number > 32 causes an overflow.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
This commit is contained in:
Frediano Ziglio 2020-06-16 11:49:19 +01:00
parent 70347f3175
commit b8f4d7d2c7
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
server/websocket.c
View File

@ -165,8 +165,9 @@ static uint64_t extract_length(const uint8_t *buf, int *used)
case LENGTH_64BIT:
*used += 8;
outlen = 0;
for (i = 56; i >= 0; i -= 8) {
outlen |= (*buf++) << i;
for (i = 0; i < 8; ++i) {
outlen <<= 8;
outlen |= *buf++;
}
break;