Acked-by: Jonathon Jongsma <jjongsma@xxxxxxxxxx> On Fri, 2018-06-29 at 08:11 +0100, Frediano Ziglio wrote: > Make sure the condition is handled properly. > > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > --- > vdagent/vdagent.cpp | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/vdagent/vdagent.cpp b/vdagent/vdagent.cpp > index 60a6121..5d9e7f0 100644 > --- a/vdagent/vdagent.cpp > +++ b/vdagent/vdagent.cpp > @@ -1358,7 +1358,11 @@ void VDAgent::handle_chunk(VDIChunk* chunk) > > // got just the start, starts to collapse all chunks into a > // single buffer > - ASSERT(chunk->hdr.size < msg_size); > + if (chunk->hdr.size >= msg_size) { > + vd_printf("Invalid VDAgentMessage message"); > + _running = false; > + return; > + } > _in_msg = (VDAgentMessage*)new uint8_t[msg_size]; > memcpy(_in_msg, chunk->data, chunk->hdr.size); > _in_msg_pos = chunk->hdr.size;
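Review bot: the allocation right after the new check, `new uint8_t[msg_size]`, still takes msg_size as given, and these lines only bound it from below against chunk->hdr.size. If handle_chunk does not enforce an upper limit on msg_size earlier, add one in the same branch so an oversized declared length is rejected before the buffer is allocated. On the error path itself, `vd_printf("Invalid VDAgentMessage message");` repeats "message" and drops the two values that explain the rejection; logging chunk->hdr.size and msg_size (with format specifiers matching their types) would make the shutdown caused by `_running = false` diagnosable from the log. It would also help to say in the commit message that the agent now stops on this condition, since "Make sure the condition is handled properly" does not tell a reader what the handling is.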