[RFC,spice-gtk,2/2] channel-display: fix bug when sending preferred video codecs

Submitted by Kevin Pouget on Aug. 6, 2019, 3:34 p.m.

Details

Message ID 20190806153453.20616-10-kpouget@redhat.com
State Superseded
Headers show

Not browsing as part of any series.

Commit Message

Kevin Pouget Aug. 6, 2019, 3:34 p.m.
The transfer between the codecs array and the message payload cannot
be done with memcpy because the data-type lengths are different
(gint/uint8_t).

Signed-off-by: Kevin Pouget <kpouget@redhat.com>
---
 src/channel-display.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--
2.21.0

Patch hide | download patch | download mbox

diff --git a/src/channel-display.c b/src/channel-display.c
index 44555e3..37fdbce 100644
--- a/src/channel-display.c
+++ b/src/channel-display.c
@@ -615,11 +615,17 @@  static void spice_display_send_client_preferred_video_codecs(SpiceChannel *chann
 {
     SpiceMsgOut *out;
     SpiceMsgcDisplayPreferredVideoCodecType *msg;
+    int i;

     msg = g_malloc0(sizeof(SpiceMsgcDisplayPreferredVideoCodecType) +
                     (sizeof(SpiceVideoCodecType) * ncodecs));
     msg->num_of_codecs = ncodecs;
-    memcpy(msg->codecs, codecs, sizeof(*codecs) * ncodecs);
+
+    /* cannot memcpy because codecs is gint, but msg->codecs is uint8_t
+     * but safe because codecs[i] <= 255 */
+    for (i = 0; i < ncodecs; i++) {
+        msg->codecs[i] = codecs[i];
+    }

     out = spice_msg_out_new(channel, SPICE_MSGC_DISPLAY_PREFERRED_VIDEO_CODEC_TYPE);
     out->marshallers->msgc_display_preferred_video_codec_type(out->marshaller, msg);

Comments

> 
> The transfer between the codecs array and the message payload cannot
> be done with memcpy because the data-type lengths are different
> (gint/uint8_t).
> 
> Signed-off-by: Kevin Pouget <kpouget@redhat.com>
> ---
>  src/channel-display.c | 8 +++++++-
>  1 file changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git a/src/channel-display.c b/src/channel-display.c
> index 44555e3..37fdbce 100644
> --- a/src/channel-display.c
> +++ b/src/channel-display.c
> @@ -615,11 +615,17 @@ static void
> spice_display_send_client_preferred_video_codecs(SpiceChannel *chann
>  {
>      SpiceMsgOut *out;
>      SpiceMsgcDisplayPreferredVideoCodecType *msg;
> +    int i;
> 
>      msg = g_malloc0(sizeof(SpiceMsgcDisplayPreferredVideoCodecType) +
>                      (sizeof(SpiceVideoCodecType) * ncodecs));

For similar reason I would change this to

    msg = g_malloc0(sizeof(SpiceMsgcDisplayPreferredVideoCodecType) +
                    (sizeof(msg->codecs[0]) * ncodecs));


>      msg->num_of_codecs = ncodecs;
> -    memcpy(msg->codecs, codecs, sizeof(*codecs) * ncodecs);
> +
> +    /* cannot memcpy because codecs is gint, but msg->codecs is uint8_t
> +     * but safe because codecs[i] <= 255 */
> +    for (i = 0; i < ncodecs; i++) {
> +        msg->codecs[i] = codecs[i];
> +    }
> 
>      out = spice_msg_out_new(channel,
>      SPICE_MSGC_DISPLAY_PREFERRED_VIDEO_CODEC_TYPE);
>      out->marshallers->msgc_display_preferred_video_codec_type(out->marshaller,
>      msg);

Good catch!

Not much part of the series (quite independent I would say).

Frediano