diff options
| author | ths <ths@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-09-13 12:41:42 +0000 |
|---|---|---|
| committer | ths <ths@c046a42c-6fe2-441c-8c8c-71466251a162> | 2007-09-13 12:41:42 +0000 |
| commit | baa7666c74e7495c0982afe2a566aabcd4dbe1ac (patch) | |
| tree | 42a32819ae3d93d64302c2d481fbcdd43ef5c293 | |
| parent | b7ffa3b1d25f2c68e851dc65fbfd97762f6c1748 (diff) | |
| download | focaccia-qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.tar.gz focaccia-qemu-baa7666c74e7495c0982afe2a566aabcd4dbe1ac.zip | |
Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
| -rw-r--r-- | vnc.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/vnc.c b/vnc.c index 64906980c3..75e4fc9686 100644 --- a/vnc.c +++ b/vnc.c @@ -1195,8 +1195,11 @@ static int protocol_client_msg(VncState *vs, char *data, size_t len) if (len == 1) return 8; - if (len == 8) - return 8 + read_u32(data, 4); + if (len == 8) { + uint32_t dlen = read_u32(data, 4); + if (dlen > 0) + return 8 + dlen; + } client_cut_text(vs, read_u32(data, 4), data + 8); break; |