From dad108edb156c889a63ee7f4d7a2844d6cf0db97 Mon Sep 17 00:00:00 2001
From: Uri Lublin
Date: Tue, 6 Dec 2016 18:06:27 +0200
Subject: [PATCH] image_encoders: check shared_dict before accessing it
In both image_encoders_restore_glz_dictionary() and image_encoders_get_glz_dictionary() shared-dict may be NULL if size is too large, and the server gets size from the network. Both functions end up calling glz_enc_dictionary_create() that calls glz_dictionary_window_create() where size is checked. Found by coverity.
Signed-off-by: Uri Lublin
Acked-by: Frediano Ziglio
---
 server/image-encoders.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/server/image-encoders.c b/server/image-encoders.c
index 3a73e0c4..0d572601 100644
--- a/server/image-encoders.c
+++ b/server/image-encoders.c
@@ -746,7 +746,9 @@ gboolean image_encoders_get_glz_dictionary(ImageEncoders *enc,
 shared_dict->refs++;
 } else {
 shared_dict = create_glz_dictionary(enc, client, id, window_size);
- glz_dictionary_list = g_list_prepend(glz_dictionary_list, shared_dict);
+ if (shared_dict != NULL) {
+ glz_dictionary_list = g_list_prepend(glz_dictionary_list, shared_dict);
+ }
 }
 pthread_mutex_unlock(&glz_dictionary_list_lock);
@@ -782,7 +784,9 @@ gboolean image_encoders_restore_glz_dictionary(ImageEncoders *enc,
 shared_dict->refs++;
 } else {
 shared_dict = restore_glz_dictionary(enc, client, id, restore_data);
- glz_dictionary_list = g_list_prepend(glz_dictionary_list, shared_dict);
+ if(shared_dict != NULL) {
+ glz_dictionary_list = g_list_prepend(glz_dictionary_list, shared_dict);
+ }
 }
 pthread_mutex_unlock(&glz_dictionary_list_lock);
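Review bot: In both hunks the new `if (shared_dict != NULL)` guard keeps a failed dictionary out of `glz_dictionary_list`, but the failure itself stays silent even though the commit message says the size comes from the network. Because a peer-controlled value can reach this path, I would make it visible in the logs with an `else { g_warning("glz dictionary creation failed"); }` arm (or whichever logging macro this file already uses). Both functions continue past the end of their hunk after `pthread_mutex_unlock()`, so it should be confirmed there that a NULL `shared_dict` is neither stored nor dereferenced and that the gboolean result reports the failure to the caller. A short comment above each guard, for example `/* NULL when the client-supplied size was rejected; never add it to the shared list */`, would record why the check exists, and the second hunk's `if(shared_dict != NULL)` should read `if (shared_dict != NULL)` to match the first.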