qemu/ui
Peter Lieven bea60dd767 ui/vnc: fix potential memory corruption issues
this patch makes the VNC server work correctly if the
server surface and the guest surface have different sizes.

Basically the server surface is adjusted to not exceed VNC_MAX_WIDTH
x VNC_MAX_HEIGHT and additionally the width is rounded up to multiple of
VNC_DIRTY_PIXELS_PER_BIT.

If we have a resolution whose width is not dividable by VNC_DIRTY_PIXELS_PER_BIT
we now get a small black bar on the right of the screen.

If the surface is too big to fit the limits only the upper left area is shown.

On top of that this fixes 2 memory corruption issues:

The first was actually discovered during playing
around with a Windows 7 vServer. During resolution
change in Windows 7 it happens sometimes that Windows
changes to an intermediate resolution where
server_stride % cmp_bytes != 0 (in vnc_refresh_server_surface).
This happens only if width % VNC_DIRTY_PIXELS_PER_BIT != 0.

The second is a theoretical issue, but is maybe exploitable
by the guest. If for some reason the guest surface size is bigger
than VNC_MAX_WIDTH x VNC_MAX_HEIGHT we end up in severe corruption since
this limit is nowhere enforced.

Signed-off-by: Peter Lieven <pl@kamp.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2014-07-01 13:26:40 +02:00
..
cocoa.m ui/cocoa: Honour -show-cursor command line option 2014-06-29 22:00:33 +01:00
console.c qemu-char: introduce qemu_chr_alloc 2014-06-23 11:12:28 -04:00
curses_keys.h
curses.c input/curses: add kbd delay between keydown and keyup events 2014-06-04 08:40:42 +02:00
cursor_hidden.xpm
cursor_left_ptr.xpm
cursor.c
d3des.c
d3des.h
gtk.c gtk: update window size after showing/hiding tabs 2014-06-11 14:26:49 +02:00
input-keymap.c input: keymap: add meta keys 2014-05-26 08:42:43 +02:00
input-legacy.c input: use kbd delays for send_key monitor command 2014-06-04 08:40:41 +02:00
input.c input: add support for kbd delays 2014-06-04 08:40:41 +02:00
keymaps.c qemu-char: add support for U-prefixed symbols 2013-11-13 15:48:38 +04:00
keymaps.h
Makefile.objs input: key mapping helpers 2014-05-16 08:30:11 +02:00
qemu-pixman.c
qemu-x509.h
sdl2-keymap.h ui/sdl2 : initial port to SDL 2.0 (v2.0) 2014-03-05 09:52:05 +01:00
sdl2.c sdl2: textinput + terminal 2014-06-02 16:28:58 +02:00
sdl_keysym.h ui/sdl2 : initial port to SDL 2.0 (v2.0) 2014-03-05 09:52:05 +01:00
sdl_zoom_template.h
sdl_zoom.c
sdl_zoom.h
sdl.c input: sdl: fix guest_cursor logic. 2014-03-10 13:49:44 +01:00
spice-core.c qapi event: convert SPICE events 2014-06-23 11:12:28 -04:00
spice-display.c spice: fix 32bit build 2014-06-20 16:22:07 +01:00
spice-input.c spice: input: Fix absolute mouse y coordinates 2014-03-24 08:41:21 +01:00
vgafont.h
vnc_keysym.h qemu-char: add missing characters used in keymaps 2013-11-13 15:48:38 +04:00
vnc-auth-sasl.c
vnc-auth-sasl.h
vnc-auth-vencrypt.c
vnc-auth-vencrypt.h
vnc-enc-hextile-template.h
vnc-enc-hextile.c
vnc-enc-tight.c vnc-enc-tight: Fix divide-by-zero in tight_detect_smooth_image{16,24,32} 2014-06-02 16:30:52 +02:00
vnc-enc-tight.h
vnc-enc-zlib.c
vnc-enc-zrle-template.c
vnc-enc-zrle.c
vnc-enc-zrle.h
vnc-enc-zywrle-template.c
vnc-enc-zywrle.h misc: Spelling and grammar fixes in comments 2013-10-26 13:06:45 +04:00
vnc-jobs.c vnc dirty tracking optinizations. 2014-03-11 10:53:17 +00:00
vnc-jobs.h
vnc-palette.c
vnc-palette.h
vnc-tls.c vnc: Drop superfluous conditionals around g_free() 2014-06-19 12:48:07 +02:00
vnc-tls.h
vnc-ws.c
vnc-ws.h
vnc.c ui/vnc: fix potential memory corruption issues 2014-07-01 13:26:40 +02:00
vnc.h ui/vnc: fix potential memory corruption issues 2014-07-01 13:26:40 +02:00
x_keymap.c
x_keymap.h