Found with readability-uppercase-literal-suffix
Avoids readability problems between lower case l and uppercase I.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
At red-parse-qxl.cpp#L535
if (qxl_flags & QXL_BITMAP_DIRECT) {
red->u.bitmap.data = red_get_image_data_flat(slots, group_id,
qxl->bitmap.data,
bitmap_size);
Since qxl->bitmap.data may from the guest, an attacker can make the
memslot_get_virt() check in red_get_image_data_flat() fail and
return a nullptr.
Then at red-parse-qxl.cpp#L550
if (qxl_flags & QXL_BITMAP_UNSTABLE) {
red->u.bitmap.data->flags |= SPICE_CHUNKS_FLAGS_UNSTABLE;
}
qxl_flags is assigned as qxl->bitmap.flags before, which can also be
controlled by the attacker, resulting in a NULL pointer dereference.
This dereference seems to be introduced by commit 5ac88aa7.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com>
Found with modernize-use-nullptr
NULL in C++ is 0 whereas it is a void pointer in C. Avoids implicit
conversions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
