xemu/ui
Michael Tokarev 2caa9e9d2e vnc: tight: Fix crash after 2GB of output
fix 2Gb integer overflow in in VNC tight and zlib encodings

As found by Roland Dreier <roland@purestorage.com> (excellent
catch!), when amount of VNC compressed data produced by zlib
and sent to client exceeds 2Gb, integer overflow occurs because
currently, we calculate amount of data produced at each step by
comparing saved total_out with new total_out, and total_out is
something which grows without bounds.  Compare it with previous
avail_out instead of total_out, and leave total_out alone.

The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c,
so fix both cases.

There, there's no actual need to save previous_out value, since
capacity-offset (which is how that value is calculated) stays
the same so it can be recalculated again after call to deflate(),
but whole thing becomes less readable this way.

Reported-by: Roland Dreier <roland@purestorage.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
2011-04-10 00:14:51 +02:00
..
cocoa.m Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00
curses_keys.h curses: Fix control-{@[\]^_} and ESC 2010-10-21 18:31:28 +02:00
curses.c curses: Fix control-{@[\]^_} and ESC 2010-10-21 18:31:28 +02:00
d3des.c
d3des.h Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00
keymaps.c
keymaps.h
qemu-spice.h spice: add chardev (v5) 2011-01-24 15:41:40 +01:00
sdl_keysym.h
sdl_zoom_template.h
sdl_zoom.c
sdl_zoom.h
sdl.c ui/sdl: Load optional QEMU icon 2011-04-01 21:53:57 +02:00
spice-core.c change all rt_clock references to use millisecond resolution accessors 2011-03-21 09:23:23 +01:00
spice-display.c spice-display: replace private lock with qemu mutex. 2010-11-02 12:43:04 +01:00
spice-display.h spice-display: replace private lock with qemu mutex. 2010-11-02 12:43:04 +01:00
spice-input.c spice: add tablet support 2010-09-21 18:36:43 +02:00
vnc_keysym.h vnc: added missing name->keysym pairs for Polish national characters 2011-04-01 22:29:27 +02:00
vnc-auth-sasl.c vnc-auth-sasl: fix a memory leak 2011-01-12 19:48:56 +00:00
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-enc-hextile-template.h vnc: rename vnc-encoding-* vnc-enc-* 2010-07-26 17:36:13 -05:00
vnc-enc-hextile.c vnc: encapsulate encoding members 2010-07-26 17:36:14 -05:00
vnc-enc-tight.c vnc: tight: Fix crash after 2GB of output 2011-04-10 00:14:51 +02:00
vnc-enc-tight.h vnc: tight add PNG encoding 2010-07-26 17:36:14 -05:00
vnc-enc-zlib.c vnc: tight: Fix crash after 2GB of output 2011-04-10 00:14:51 +02:00
vnc-enc-zrle-template.c vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zrle.c vnc: fix uint8_t comparisons with negative values 2011-02-23 16:28:28 -06:00
vnc-enc-zrle.h vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zywrle-template.c vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-enc-zywrle.h vnc: Add ZRLE and ZYWRLE encodings. 2011-02-23 16:28:28 -06:00
vnc-jobs-async.c Refactor thread retrieval and check 2011-03-13 14:44:21 +00:00
vnc-jobs-sync.c vnc: threaded VNC server 2010-07-26 17:36:14 -05:00
vnc-jobs.h vnc: threaded VNC server 2010-07-26 17:36:14 -05:00
vnc-palette.c severe memory leak caused by broken palette_destroy() function 2011-03-25 07:28:24 -05:00
vnc-palette.h vnc: palette: and fill and color calls. 2011-02-23 16:28:28 -06:00
vnc-tls.c
vnc-tls.h
vnc.c vnc: fix build error from VNC_DIRTY_WORDS 2011-03-22 11:27:33 -05:00
vnc.h vnc: Fix stack corruption and other bitmap related bugs 2011-03-10 16:12:25 -06:00
x_keymap.c
x_keymap.h Delete useless 'extern' qualifiers for functions 2011-01-23 16:21:20 +00:00