Use memmove instead of memcpy as the buffer can overlap if the second request is bigger than the first. "buf_pos" points to the point of the buffer after we read; if we want the first part of the next request, it is "buf_pos - remaining". Same consideration when setting "buf_pos" for the next iteration. Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> --- server/smartcard.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/smartcard.c b/server/smartcard.c index 4c5bba07d..bf5e90520 100644 --- a/server/smartcard.c +++ b/server/smartcard.c @@ -150,9 +150,9 @@ static RedPipeItem *smartcard_read_msg_from_device(RedCharDevice *self, msg_to_client = smartcard_char_device_on_message_from_device(dev, vheader); remaining = dev->priv->buf_used - sizeof(VSCMsgHeader) - actual_length; if (remaining > 0) { - memcpy(dev->priv->buf, dev->priv->buf_pos, remaining); + memmove(dev->priv->buf, dev->priv->buf_pos - remaining, remaining); } - dev->priv->buf_pos = dev->priv->buf; + dev->priv->buf_pos = dev->priv->buf + remaining; dev->priv->buf_used = remaining; if (msg_to_client) { return &msg_to_client->base; -- 2.21.0
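Review bot: the new memmove source `dev->priv->buf_pos - remaining` and the new assignment `dev->priv->buf_pos = dev->priv->buf + remaining` both rely on an invariant that is stated only in the commit message: that `buf_pos` sits at the end of the data read so far, so that `buf_pos - remaining` is the first byte after the consumed message. Please put that in a comment above the memmove, or derive the source from `dev->priv->buf + sizeof(VSCMsgHeader) + actual_length` so the copy does not depend on where `buf_pos` happens to be. Separately, `remaining = dev->priv->buf_used - sizeof(VSCMsgHeader) - actual_length` includes a `size_t` term and the declaration of `remaining` is outside this hunk; it is worth confirming that `remaining` is signed, or that `buf_used` has already been checked against the header plus `actual_length` before this point, because otherwise `if (remaining > 0)` would not catch a short buffer and the value would now feed both the memmove length and the pointer subtraction.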