Skip to content

Commit

Permalink
gtk: avoid oob array access
Browse files Browse the repository at this point in the history 
When too many consoles are created, vcs[] may be write out-of-bounds.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
  • Loading branch information
@elmarco @kraxel
elmarco authored and kraxel committed Jan 10, 2017
1 parent 6250dff commit c952b71
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions ui/gtk.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp)
ChardevCommon *common = qapi_ChardevVC_base(vc);
CharDriverState *chr;

if (nb_vcs == MAX_VCS) {
error_setg(errp, "Maximum number of consoles reached");
return NULL;
}

chr = qemu_chr_alloc(common, errp);
if (!chr) {
return NULL;
Expand Down

0 comments on commit c952b71

Please sign in to comment.