[spice-server PATCH 1/3] red_get_surface_cmd: avoid overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Although unlikely, theoretically, multiplying two 32-bit
numbers may overflow.

Found by coverity.

Signed-off-by: Uri Lublin <uril@xxxxxxxxxx>
---
 server/red-parse-qxl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
index 33f36923a..0ffa5f7d4 100644
--- a/server/red-parse-qxl.c
+++ b/server/red-parse-qxl.c
@@ -1397,7 +1397,7 @@ bool red_get_surface_cmd(RedMemSlotInfo *slots, int group_id,
             return false;
         }
 
-        size = red->u.surface_create.height * abs(red->u.surface_create.stride);
+        size = red->u.surface_create.height * (uint64_t)abs(red->u.surface_create.stride);
         red->u.surface_create.data =
             (uint8_t*)memslot_get_virt(slots, qxl->u.surface_create.data, size, group_id, &error);
         if (error) {
-- 
2.13.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]