From c952b71582e2e4be286087ad34de5e3ec1b8d974 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Wed, 7 Dec 2016 13:55:11 +0300
Subject: [PATCH] gtk: avoid oob array access
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When too many consoles are created, vcs[] may be write out-of-bounds.

Signed-off-by: Marc-André Lureau
Message-id: 20161207105511.25173-1-marcandre.lureau@redhat.com
Signed-off-by: Gerd Hoffmann
---
 ui/gtk.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ui/gtk.c b/ui/gtk.c
index 356f400af5..86368e38b7 100644
--- a/ui/gtk.c
+++ b/ui/gtk.c
@@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp)
 ChardevCommon *common = qapi_ChardevVC_base(vc);
 CharDriverState *chr;

+ if (nb_vcs == MAX_VCS) {
+ error_setg(errp, "Maximum number of consoles reached");
+ return NULL;
+ }
+
 chr = qemu_chr_alloc(common, errp);
 if (!chr) {
 return NULL;
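Review bot: The new guard at the top of gd_vc_handler tests equality, `if (nb_vcs == MAX_VCS) {`, which bounds vcs[] only as long as nb_vcs can never step past MAX_VCS. Writing it as `if (nb_vcs >= MAX_VCS) {` costs nothing and keeps the limit enforced even if some other path ever changes the counter. The store into vcs[] and the increment of nb_vcs are outside this hunk (the function body continues past it), so it is worth confirming that this handler is the only writer of nb_vcs. Rejecting before qemu_chr_alloc() is the right order, since the early return then leaves nothing to release. A one-line comment such as `/* vcs[] has MAX_VCS slots; refuse before allocating chr */` would record both the bound and the ordering.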