gtk: avoid oob array access

When too many consoles are created, vcs[] may be write out-of-bounds. Signed-off-by: N Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com Signed-off-by: N Gerd Hoffmann <kraxel@redhat.com>

gtk: avoid oob array access
When too many consoles are created, vcs[] may be write out-of-bounds. Signed-off-by: N Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com Signed-off-by: N Gerd Hoffmann <kraxel@redhat.com>
c952b715 · Marc-André Lureau · Gerd Hoffmann · 6250dff3 · c952b715
隐藏空白更改
内联并排

Showing with 5 addition and 0 deletion

ui/gtk.c ui/gtk.c +5 -0

未找到文件。
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp)
    ChardevCommon *common = qapi_ChardevVC_base(vc);
    CharDriverState *chr;

+    if (nb_vcs == MAX_VCS) {
+        error_setg(errp, "Maximum number of consoles reached");
+        return NULL;
+    }
+
    chr = qemu_chr_alloc(common, errp);
    if (!chr) {
        return NULL;