Add patch for rhbz#1720532
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
parent
ef14f5ab9a
commit
98b314bed6
@ -0,0 +1,57 @@
|
||||
From c188c382afcad1a054541f8b101fa1044e2289cf Mon Sep 17 00:00:00 2001
|
||||
From: Frediano Ziglio <fziglio@redhat.com>
|
||||
Date: Sun, 2 Jun 2019 19:02:25 +0100
|
||||
Subject: [PATCH spice-gtk] vmcstream: Fix buffer overflow sending data to task
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
The "count" variable is used to store the full length of the
|
||||
initial buffer set using spice_vmc_input_stream_read_all_async or
|
||||
spice_vmc_input_stream_read_async.
|
||||
However on spice_vmc_input_stream_co_data the "buffer" variable is
|
||||
increased by the amount read into it.
|
||||
On potential next loop "count" is still used to compute the bytes to
|
||||
read but now "buffer + count" points past the original buffer.
|
||||
So we need to take into account the position written in order to
|
||||
compute the right limit.
|
||||
Tested with WebDAV.
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1720532
|
||||
|
||||
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
|
||||
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
|
||||
---
|
||||
src/vmcstream.c | 11 +++++------
|
||||
1 file changed, 5 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/vmcstream.c b/src/vmcstream.c
|
||||
index 0634bce..86c949a 100644
|
||||
--- a/src/vmcstream.c
|
||||
+++ b/src/vmcstream.c
|
||||
@@ -142,17 +142,16 @@ spice_vmc_input_stream_co_data(SpiceVmcInputStream *self,
|
||||
|
||||
g_return_if_fail(self->task != NULL);
|
||||
|
||||
- gsize min = MIN(self->count, size);
|
||||
- memcpy(self->buffer, data, min);
|
||||
+ gsize min = MIN(self->count - self->pos, size);
|
||||
+ memcpy(self->buffer + self->pos, data, min);
|
||||
|
||||
size -= min;
|
||||
data += min;
|
||||
|
||||
- SPICE_DEBUG("spicevmc co_data complete: %" G_GSIZE_FORMAT
|
||||
- "/%" G_GSIZE_FORMAT, min, self->count);
|
||||
-
|
||||
self->pos += min;
|
||||
- self->buffer += min;
|
||||
+
|
||||
+ SPICE_DEBUG("spicevmc co_data complete: %" G_GSIZE_FORMAT
|
||||
+ "/%" G_GSIZE_FORMAT, self->pos, self->count);
|
||||
|
||||
if (self->all && min > 0 && self->pos != self->count)
|
||||
continue;
|
||||
--
|
||||
2.22.0.rc2.384.g1a9a72ea1d
|
||||
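Review bot: The new bound `MIN(self->count - self->pos, size)` in spice_vmc_input_stream_co_data is an unsigned gsize subtraction, so it limits the memcpy only while `self->pos <= self->count` holds; if pos ever exceeded count the difference would wrap to a very large value and `size` alone would decide the copy length again. The visible lines preserve the invariant (pos grows only by `min`), but the code that resets pos and count for a new read is outside the hunk, so this cannot be confirmed from here. I would state the assumption next to the existing task check with `g_return_if_fail(self->pos <= self->count);`. The function body starts and ends outside the hunk.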
|
@ -2,7 +2,7 @@
|
||||
|
||||
Name: spice-gtk
|
||||
Version: 0.37
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: A GTK+ widget for SPICE clients
|
||||
|
||||
License: LGPLv2+
|
||||
@ -12,6 +12,8 @@ Source0: https://www.spice-space.org/download/gtk/%{name}-%{version}%{?_v
|
||||
Source1: https://www.spice-space.org/download/gtk/%{name}-%{version}%{?_version_suffix}.tar.bz2.sig
|
||||
Source2: victortoso-E37A484F.keyring
|
||||
|
||||
Patch0001: 0001-vmcstream-Fix-buffer-overflow-sending-data-to-task.patch
|
||||
|
||||
BuildRequires: git-core
|
||||
BuildRequires: meson
|
||||
BuildRequires: intltool
|
||||
@ -192,6 +194,9 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||
%{_bindir}/spicy-stats
|
||||
|
||||
%changelog
|
||||
* Fri Jun 14 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 0.37-2
|
||||
- Add 0001-vmcstream-Fix-buffer-overflow-sending-data-to-task.patch fix. rhbz#1720532
|
||||
|
||||
* Thu May 16 2019 Victor Toso <victortoso@redhat.com> - 0.37-1
|
||||
- Update to v0.37
|
||||
- Add gpg check to release's signature
|
||||
|
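Review bot: The `Patch0001:` line is added without a comment saying what it fixes or where it came from, so that is recorded only in the changelog entry. A line above it such as `# rhbz#1720532: vmcstream buffer overflow fix (backport)` would keep the bug reference next to the patch until it is dropped at the next rebase. The %prep section is outside these hunks, so it is worth confirming that it actually applies numbered patches; otherwise the package would be built without the fix despite the 0.37-2 bump.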