On Mon, Sep 04, 2017 at 11:57:09AM +0100, Frediano Ziglio wrote: > As the indexes are used to compute the index inside an array > using module operation when a signed value overflows the "modulo" ... "when a signed value overflows, the modulo becomes negative, causing a buffer overflow" Acked-by: Christophe Fergeau <cfergeau@xxxxxxxxxx> > modules became negative causing a buffer underflow. > Unlikely to happens (take lot of time) but is safer that way. > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > server/tests/test-display-base.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/server/tests/test-display-base.c b/server/tests/test-display-base.c > index 26fe7c8a..69e0b8d2 100644 > --- a/server/tests/test-display-base.c > +++ b/server/tests/test-display-base.c > @@ -464,8 +464,8 @@ static void get_init_info(SPICE_GNUC_UNUSED QXLInstance *qin, > // which cannot be done from red_worker context (not via dispatcher, > // since you get a deadlock, and it isn't designed to be done > // any other way, so no point testing that). > -static int commands_end = 0; > -static int commands_start = 0; > +static unsigned int commands_end = 0; > +static unsigned int commands_start = 0; > static struct QXLCommandExt* commands[1024]; > > #define COMMANDS_SIZE G_N_ELEMENTS(commands) > -- > 2.13.5 > > _______________________________________________ > Spice-devel mailing list > Spice-devel@xxxxxxxxxxxxxxxxxxxxx > https://lists.freedesktop.org/mailman/listinfo/spice-devel _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel