diff options
author | Frediano Ziglio <fziglio@redhat.com> | 2017-08-09 16:23:53 +0100 |
---|---|---|
committer | Frediano Ziglio <fziglio@redhat.com> | 2017-08-23 22:47:08 +0100 |
commit | 70d4739ce2f90f904fa96e22e438e9b424a3dd42 (patch) | |
tree | edd947af790e8fbbbd3ad47ebfce64cf7f6e59c1 | |
parent | 429ad965371ceaaf60b81ccbed7da660ef9e0a94 (diff) |
quic: avoid crash on specific images
encodes_ones is called to encode a long sequence of 1 bits.
In some conditions (I manage to reproduce with a 85000x4 pixel
image fill with a single color) encodes_ones is called with a
"n" value >= 32.
This cause encode to be called with a "len" value of 32 which
trigger this assert:
spice_assert(len > 0 && len < 32);
causing a crash. Instead of calling encode with a constant
"len" as 32 call encode_32 which is supposed to encode
exactly 32 bit.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
-rw-r--r-- | common/quic.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/quic.c b/common/quic.c index 1be28c6..e097064 100644 --- a/common/quic.c +++ b/common/quic.c @@ -507,7 +507,7 @@ static inline void encode_ones(Encoder *encoder, unsigned int n) unsigned int count; for (count = n >> 5; count; count--) { - encode(encoder, ~0U, 32); + encode_32(encoder, ~0U); } if ((n &= 0x1f)) { |