diff options
| author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2016-12-07 13:55:11 +0300 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2017-01-10 08:14:20 +0100 |
| commit | c952b71582e2e4be286087ad34de5e3ec1b8d974 (patch) | |
| tree | 4213da6c48cc26c8b9d686a0dcad427ef1362501 | |
| parent | 6250dff39a358a5f61cbaf085bf8be739a6c73f3 (diff) | |
| download | focaccia-qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.tar.gz focaccia-qemu-c952b71582e2e4be286087ad34de5e3ec1b8d974.zip | |
gtk: avoid oob array access
When too many consoles are created, vcs[] may be write out-of-bounds. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| -rw-r--r-- | ui/gtk.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/ui/gtk.c b/ui/gtk.c index 356f400af5..86368e38b7 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp) ChardevCommon *common = qapi_ChardevVC_base(vc); CharDriverState *chr; + if (nb_vcs == MAX_VCS) { + error_setg(errp, "Maximum number of consoles reached"); + return NULL; + } + chr = qemu_chr_alloc(common, errp); if (!chr) { return NULL; |