1. 21 Aug, 2011 1 commit
  2. 09 Apr, 2011 1 commit
    • vnc: tight: Fix crash after 2GB of output · 2caa9e9d
      Michael Tokarev authored
      fix 2Gb integer overflow in VNC tight and zlib encodings
      
      As found by Roland Dreier <roland@purestorage.com> (excellent
      catch!), when amount of VNC compressed data produced by zlib
      and sent to client exceeds 2Gb, integer overflow occurs because
      currently, we calculate amount of data produced at each step by
      comparing saved total_out with new total_out, and total_out is
      something which grows without bounds.  Compare it with previous
      avail_out instead of total_out, and leave total_out alone.
      
      The same code is used in vnc-enc-tight.c and vnc-enc-zlib.c,
      so fix both cases.
      
      There, there's no actual need to save previous_out value, since
      capacity-offset (which is how that value is calculated) stays
      the same so it can be recalculated again after call to deflate(),
      but whole thing becomes less readable this way.
      Reported-by: Roland Dreier <roland@purestorage.com>
      Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
      Signed-off-by: Corentin Chary <corentin.chary@gmail.com>
      Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
  3. 26 Jul, 2010 3 commits
  4. 01 Jun, 2010 6 commits
  5. 03 May, 2010 1 commit