[gtk-vnc] Avoid array overrun setting up blt24 function
- From: Daniel P. Berrange <dberrange src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gtk-vnc] Avoid array overrun setting up blt24 function
- Date: Mon, 10 Dec 2012 16:44:36 +0000 (UTC)
commit 63f0a12da9b2bfdeb9050dc59efbb47390a25ab7
Author: Daniel P. Berrange <berrange redhat com>
Date: Fri Dec 7 15:27:36 2012 +0000
Avoid array overrun setting up blt24 function
If a VNC colourmap mode was enabled, we would attempt to access
beyond the end of the blt24 function table. There are no blt
functions that can work for this mode, so just stub out the
array with NULL, and add a later check for NULL.
src/vncbaseframebuffer.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/src/vncbaseframebuffer.c b/src/vncbaseframebuffer.c
index 283c39a..d487a3d 100644
--- a/src/vncbaseframebuffer.c
+++ b/src/vncbaseframebuffer.c
@@ -747,11 +747,13 @@ static vnc_base_framebuffer_blt_func *vnc_base_framebuffer_blt_table[6][4] = {
vnc_base_framebuffer_blt_cmap16x64 },
};
-static vnc_base_framebuffer_rgb24_blt_func *vnc_base_framebuffer_rgb24_blt_table[4] = {
+static vnc_base_framebuffer_rgb24_blt_func *vnc_base_framebuffer_rgb24_blt_table[6] = {
(vnc_base_framebuffer_rgb24_blt_func *)vnc_base_framebuffer_rgb24_blt_32x8,
(vnc_base_framebuffer_rgb24_blt_func *)vnc_base_framebuffer_rgb24_blt_32x16,
(vnc_base_framebuffer_rgb24_blt_func *)vnc_base_framebuffer_rgb24_blt_32x32,
(vnc_base_framebuffer_rgb24_blt_func *)vnc_base_framebuffer_rgb24_blt_32x64,
+ NULL, /* 8bbp cmap */
+ NULL, /* 16bpp cmap */
};
@@ -963,7 +965,10 @@ static void vnc_base_framebuffer_rgb24_blt(VncFramebuffer *iface,
vnc_base_framebuffer_reinit_render_funcs(fb);
- priv->rgb24_blt(priv, src, rowstride, x, y, width, height);
+ if (priv->rgb24_blt)
+ priv->rgb24_blt(priv, src, rowstride, x, y, width, height);
+ else
+ VNC_DEBUG("Unexpected RGB blt request in colourmap mode");
}
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
