> It can happen that new_size, although double the previous
> io.size, is still not big enough.
>
> Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
> ---
>  vdagent/imagepng.cpp | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/vdagent/imagepng.cpp b/vdagent/imagepng.cpp
> index 7108675..de0eb2f 100644
> --- a/vdagent/imagepng.cpp
> +++ b/vdagent/imagepng.cpp
> @@ -61,6 +61,9 @@ static void write_to_bufio(png_structp png, png_bytep in, png_size_t size)
>      if (io.pos + size >= io.size) {
>          io.allocated = true;
>          uint32_t new_size = io.size ? io.size * 2 : 4096;
> +        while (io.pos + size >= new_size) {
> +            new_size *= 2;
> +        }
>          uint8_t *p = (uint8_t*) realloc(io.buf, new_size);
>          if (!p)
>              png_error(png, "out of memory");

As a fix to a not yet merged patch, I think it should be squashed into the other one.
Also I think the check should be "io.pos + size > new_size" (same change on the if above).

Frediano

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
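Review bot: the added doubling loop has no upper bound, and `new_size` is a `uint32_t`, so once `io.pos + size` is large enough that `new_size *= 2` wraps past 2^32 the value becomes 0 (or a small multiple of 2) and `while (io.pos + size >= new_size)` never becomes false; a wrapped value that did escape the loop would also hand `realloc` a buffer too small for the pending `size` bytes. Before doubling, check that `new_size <= UINT32_MAX / 2` and call `png_error(png, ...)` when it is not, so an oversized PNG write fails cleanly instead of spinning or truncating the allocation. Whichever comparison is chosen (`>=` as written or `>` as suggested below), the `if` and the `while` should use the same one so the loop exit condition matches the condition that triggered the grow.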