Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
This commit is contained in:
parent
b7ffa3b1d2
commit
baa7666c74
7
vnc.c
7
vnc.c
@ -1195,8 +1195,11 @@ static int protocol_client_msg(VncState *vs, char *data, size_t len)
|
||||
if (len == 1)
|
||||
return 8;
|
||||
|
||||
if (len == 8)
|
||||
return 8 + read_u32(data, 4);
|
||||
if (len == 8) {
|
||||
uint32_t dlen = read_u32(data, 4);
|
||||
if (dlen > 0)
|
||||
return 8 + dlen;
|
||||
}
|
||||
|
||||
client_cut_text(vs, read_u32(data, 4), data + 8);
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user