At red-parse-qxl.cpp#L535
    if (qxl_flags & QXL_BITMAP_DIRECT) {
        red->u.bitmap.data = red_get_image_data_flat(slots, group_id,
                                                     qxl->bitmap.data,
                                                     bitmap_size);
Since qxl->bitmap.data may come from the guest, an attacker can make the
memslot_get_virt() check in red_get_image_data_flat() fail and
return a nullptr.
Then at red-parse-qxl.cpp#L550
    if (qxl_flags & QXL_BITMAP_UNSTABLE) {
        red->u.bitmap.data->flags |= SPICE_CHUNKS_FLAGS_UNSTABLE;
    }
qxl_flags is assigned as qxl->bitmap.flags before, which can also be
controlled by the attacker, resulting in a NULL pointer dereference.
This dereference seems to be introduced by commit 5ac88aa7.
Signed-off-by: Qiuhao Li <Qiuhao.Li@outlook.com>
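As an added illustration of the defensive pattern the commit above calls for (constructed example, not spice's code: the MemSlot/ImageData types, slot_get_virt() and get_image() are stand-ins for the real memslot lookup and the red-parse-qxl.cpp caller), the lookup's NULL result is checked before any field is touched, and the lookup itself rejects guest ranges that wrap around or overrun a slot:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constructed stand-in for a guest memory slot table: each slot maps a
 * guest-physical range to a host buffer.  Not spice's real structures. */
typedef struct {
    uint64_t guest_start;
    uint64_t guest_end;   /* exclusive */
    uint8_t *host_base;
} MemSlot;

typedef struct {
    uint32_t flags;
    size_t   size;
    uint8_t *data;
} ImageData;

#define FLAG_UNSTABLE 0x1u

/* Resolve a guest address of `len` bytes to a host pointer.  Returns NULL
 * when the range wraps around, is empty, or does not fit inside any slot,
 * mirroring how a memslot lookup fails on a guest-chosen bad address. */
static uint8_t *slot_get_virt(const MemSlot *slots, size_t nslots,
                              uint64_t addr, uint64_t len)
{
    if (len == 0 || addr > UINT64_MAX - len)   /* reject wraparound */
        return NULL;
    for (size_t i = 0; i < nslots; i++) {
        if (addr >= slots[i].guest_start && addr + len <= slots[i].guest_end)
            return slots[i].host_base + (addr - slots[i].guest_start);
    }
    return NULL;
}

/* Defensive caller: the lookup result is checked before the guest-controlled
 * flags are applied.  Returns false and leaves *out untouched on failure,
 * instead of OR-ing flags into a field of a NULL pointer. */
static bool get_image(const MemSlot *slots, size_t nslots,
                      uint64_t guest_addr, uint64_t len,
                      uint32_t guest_flags, ImageData *out)
{
    uint8_t *p = slot_get_virt(slots, nslots, guest_addr, len);
    if (p == NULL)
        return false;
    out->data  = p;
    out->size  = (size_t)len;
    out->flags = (guest_flags & FLAG_UNSTABLE) ? FLAG_UNSTABLE : 0;
    return true;
}
```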
By default the configure script detects whether the source directory is a
git repository and, if so, enables the -Werror option.
This normally detects that you are developing, but some build
packagers (like rpm spec with the git_am option) use git to manage
additional patches on top of the source, making the detection fail
and causing the build to fail.
Build packagers should not use -Werror.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
FreeBSD's setsockopt() behaves just like Darwin's, i.e. it sets errno to
EINVAL instead of ENOTSUP, so extend the Darwin workaround to work for
FreeBSD as well.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
On FreeBSD, netinet/in.h needs to be included to use IPPROTO_TCP.
Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Compiler error for cross builds using mingw-w64:
In file included from /usr/share/mingw-w64/include/winnt.h:150,
from /usr/share/mingw-w64/include/minwindef.h:163,
from /usr/share/mingw-w64/include/windef.h:9,
from /usr/share/mingw-w64/include/windows.h:69,
from /usr/share/mingw-w64/include/winsock2.h:23,
from ../../../server/spice-core.h:29,
from ../../../server/spice.h:24,
from ../../../server/spice-wrapped.h:35,
from ../../../server/red-common.h:35,
from ../../../server/jpeg-encoder.c:22:
/usr/share/mingw-w64/include/basetsd.h:31:22: error: conflicting types for ‘INT32’
typedef signed int INT32,*PINT32;
^~~~~
In file included from /usr/x86_64-w64-mingw32/sys-root/mingw/include/jpeglib.h:31,
from ../../../server/jpeg-encoder.c:20:
/usr/x86_64-w64-mingw32/sys-root/mingw/include/jmorecfg.h:179:14: note: previous declaration of ‘INT32’ was here
typedef long INT32;
^~~~~
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Frediano Ziglio (7):
codegen: Remove bytes array length support
codegen: Make "output_attrs" variable global
codegen: Add a check to array type
codegen: Propagate attributes to element under pointers
codegen: Propagate zero_terminated attribute
codegen: Handle zero_terminated attribute in demashaller
helper-fuzzer-demarshallers: Check also test demarshallers
Fix make distcheck
Marc-André Lureau (2):
Fix invalid vdagent buffer access
Fix build as meson subproject
Stefan Weil (1):
Add missing include file string.h
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Found with performance-move-const-arg
Allows better optimization as the compiler does not have to deal with an
rvalue reference. Especially in C++17 where std::move can prevent copy
elision.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with modernize-use-nullptr
NULL in C++ is 0 whereas it is a void pointer in C. Avoids implicit
conversions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with performance-for-range-copy
Avoids unnecessary copying when the loop does not modify the variable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with readability-container-size-empty
This has the potential for extra performance as it's not checking for
every single element.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with performance-for-range-copy
Avoids unnecessary copying when the loop does not modify the variable.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with modernize-use-equals-default
default allows extra optimization compared to an empty con/destructor.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Found with modernize-use-override
This can be useful as compilers can generate a compile time error when:
- the base class implementation function signature changes;
- the user has not created the override with the correct signature.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
Autobahn testsuite is based on Python 2.
See https://github.com/crossbario/autobahn-testsuite/issues/109.
Temporarily use an Ubuntu LTS distro that still has Python 2; this will
make the job work for some years.
Hoping in the future to either:
- update Autobahn testsuite to Python 3;
- find another testsuite for websockets.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Fix this error reported by some older GNU C++ compilers:
./server/tests/test-display-base.cpp:818:1: sorry, unimplemented: non-trivial designated initializers not supported
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
In CentOS 8 the PowerTools repository was renamed to powertools,
causing the CI to fail. Rename it in the configuration file.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Like char devices, QXL devices need to be explicitly started.
For some historical reason, char devices are started when in running
state. See commit bf1d9007b. Reading that commit's comments, there was a
plan to provide an API to stop/start devices individually, but that never
happened. Whether that API would really be useful now, I wonder.
For now, just follow the char devices' behaviour and start QXL devices
added when vm_running.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
If the worker is already started, don't assert and just return.
This fixes calling spice_server_vm_start() multiple times.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <freddy77@gmail.com>
- remove entry for g-type-register-static: the "possible" flag has been
re-introduced in glib.supp
- add new entries for several calloc issues
Signed-off-by: Julien Ropé <jrope@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Really minor update to fix the Meson build for release: additional files
cause the version string to contain "-dirty", which is not handled, so
doing a "git clean" fixes the issue.
Autoconf did not trigger the issue as the printf command gives a
warning but strips what is not a number.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
Without diffutils, configure complains it cannot find the commands cmp and diff.
For example check-valgrind log shows:
checking for a working dd... ./configure: line 6852: cmp: command not found
./configure: line 6852: cmp: command not found
Signed-off-by: Uri Lublin <uril@redhat.com>
Reduce code duplication.
Also this improves support for big endian machines, as
agent_check_message also fixes message endianness.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
Big endian machines on the server are not officially supported, but this won't
hurt.
Messages from the client are always encoded as little endian (as is the whole
SPICE protocol).
Convert fields from little endian to host endian in some places
where numbers are used and not just binary copied.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
This brings in the following changes:
Frediano Ziglio (18):
snd_codec: Use better types for snd_codec_is_capable
snd_codec: Use better type for function result
snd_codec: Use better type for snd_codec_create mode
backtrace: Do not attempt to compile if spice_backtrace is empty
Avoid usage of GCC extension for __VA_ARGS__ where possible
helper-fuzzer-demarshallers: Provide replacement for ftello for MSVC
quic_tmpl: Remove unused bpc parameter
ssl_verify: Do not check IP if we fail to resolve it
proto: Add support for side mouse buttons
quic: Constify a parameter
quic: Fix typo in comment
agent: Extend agent_check_message to support VDAgentMonitorsConfig extension
quic: Check we have some data to start decoding quic image
quic: Check image size in quic_decode_begin
quic: Check RLE lengths
quic: Avoid possible buffer overflow in find_bucket
test-quic: Add fuzzer capabilities to the test
test-quic: Add test cases for quic fuzzer
Haochen Tong (2):
pixman_utils: fix clang "unused functions" warning
marshal: fix clang "missing field initializer" warning on generated files
Marc-André Lureau (1):
agent: fix vdagent monitor flag filtering
Changes in sound.cpp are required due to the improved types.
In particular some security-related changes are imported.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>
In configure.ac the micro version is incremented if there is a
fourth component in the version.
In Meson this was wrongly translated to "if it contains git".
This fixes Gitlab issue #46.
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Remove some possible warnings, like
reds.cpp:216:18: warning: 'remove_client' overrides a member function but is not marked 'override' [clang-diagnostic-inconsistent-missing-override]
virtual void remove_client(RedCharDeviceClientOpaque *opaque);
^
Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <ulublin@redhat.com>