| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
autofoo build-sys defines WORDS_BIGENDIAN, and spice-common code uses it.
Later, I think it would make sense to switch to G_BIG_ENDIAN instead.
Fixes:
https://gitlab.freedesktop.org/spice/spice-common/issues/2
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
|
|
../subprojects/spice-common/common/quic.c: In function 'fill_model_structures':
../subprojects/spice-common/common/quic.c:695:55: error: comparison of integer expressions of different signedness: 'int' and 'unsigned int' [-Werror=sign-compare]
spice_assert(free_counter - family_stat->counters == nbuckets * ncounters);
^~
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <figlio@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
That makes it easier to send patch series for spice-common.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Extend sizes check also to decoding, actually the source data
decoding images should be less safe than encoding.
This avoids different integer overflows and buffer overflows.
To avoid potential issues images are limited to 1GB.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
The type of the image is just copied from network without
any check and later used for array indexing.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
|
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
An array of WSABUF can be used with WSASend.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
v2.5.1 was released on 2015-11-24.
According to repology, from the distro we care about, CentOS 6,
openSUSE Leap 42.3 have too old version (0.1.2).
spice-gtk & spice-server will have to be updated to drop
USE_SMARTCARD_012.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
SPICE_ATTR_PRINTF uses __printf__ format attribute.
spice_log internally uses g_string_append_vprintf which uses
G_GNUC_PRINTF attribute.
G_GNUC_PRINTF can be __printf__ or gnu_printf format which in
some systems (currently Windows) can be different.
GLib 2.58 changed G_GNUC_PRINTF on Windows from using __printf__
attribute to gnu_printf.
To avoid problems in the future uses G_GNUC_PRINTF instead of
SPICE_ATTR_PRINTF for spice_log.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
A full copy can keep both the key and the value instead of allocating
twice the memory.
We are parsing key1=val1,key2=val2,... and in doing that, we currently
store 'key1' in key, and 'val1' in val, and then 'key2', 'val2', and so
on.
After this patch, we store 'key1\0val1\0' in key, which fits and saves
some memory.
Also this removes a warning produced by Coverity that is assuming that
allocating strlen(string_variable) is wrong.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
As spice-common is used by spice-gtk which should run on Windows
even spice-common should compile and run on Windows so check it
with CI.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
The test uses both GLib and pixman libraries.
This does not seem to affect Linux but make the test fails under Windows.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
|
|
Declare without argument instead of long declaration.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
|
|
Not used outside the test.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
|
|
Use AS_HELP_STRING in order to fix indentation of configure --help.
Default is now auto, as the "[enable_celt051="auto"]" parameter.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Always use H_SPICE_COMMON_ prefix with uppercase filename (without
extension).
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com
|
|
This makes it easier to convert enums registered with glib type system
to string in order to print them at runtime.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Snir Sheriber <ssheribe@redhat.com>
|
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Snir Sheriber <ssheribe@redhat.com>
|
|
Code generated for demarshallers define and declare some types and
functions.
However these types and functions are also declared separately in other
headers (currently spice-common/client_demarshallers.h and
spice/server/demarshallers.h) resulting in potential ABI mismatch if the
different declarations do not match.
Using a common header shared between generated code and code using
these functions prevent potentially multiple different declarations.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
spice_get_server_channel_parser1 function was removed.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
The idea in version 1 of the protocol was to extend it using the minor
version. However this was replaced by the usage of capabilities and the
minor attribute (which was not much used in version 1) was abandoned in
version 2.
This patch create a big difference in the code generated but only because
the minor version was passed between all possible functions as argument.
Note that exported functions retain the minor argument for compatibility
reasons.
The demarshaller code export directly spice_get_client_channel_parser or
spice_get_server_channel_parser functions which returns internal module
functions which parse message of specific channels.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This attribute was used only in SPICE version 1.
The intention was use fixed size for switch type in the protocol.
However this does not bring any improvement, just increase network
bytes used.
Generated code does not change.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This attribute was used only in SPICE version 1.
Its usage was confusing, and was replaced by the simple usage of
array size.
Generated code does not change.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This should only be included from c files.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
|
|
SPICE version 2 was introduced more than 8 years ago.
RHEL 6 already removed support for version 1 in the server.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
|
|
In some architectures GLib macros to change endianness use the
argument multiple times causing possible side effects.
This happens for instance using Debian SID and MIPS.
This fixes https://gitlab.freedesktop.org/spice/spice-common/issues/1.
Reported-by: Laurent Bigonville <bigon@debian.org>
Tested-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Victor Toso <victortoso@redhat.com>
|
|
This avoids adding an extra build flag which may not be supported by the
compiler.
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
|
|
This is kind of a DoS, possibly flexible array in the protocol
causes the network size check to be ignored due to integer overflows.
The size of flexible array is computed as (message_end - position),
then this size is added to the number of bytes before the array and
this number is used to check if we overflow initial message.
An example is:
message {
uint32 dummy[2];
uint8 data[] @end;
} LenMessage;
which generated this (simplified remove useless code) code:
{ /* data */
data__nelements = message_end - (start + 8);
data__nw_size = data__nelements;
}
nw_size = 8 + data__nw_size;
/* Check if message fits in reported side */
if (nw_size > (uintptr_t) (message_end - start)) {
return NULL;
}
Following code:
- data__nelements == message_end - (start + 8)
- data__nw_size == data__nelements == message_end - (start + 8)
- nw_size == 8 + data__nw_size == 8 + message_end - (start + 8) ==
8 + message_end - start - 8 == message_end -start
- the check for overflow is (nw_size > (message_end - start)) but
nw_size == message_end - start so the check is doing
((message_end - start) > (message_end - start)) which is always false.
If message_end - start < 8 then data__nelements (number of element
on the array above) computation generate an integer underflow that
later create a buffer overflow.
Add a check to make sure that the array starts before the message ends
to avoid the overflow.
Difference is:
diff -u save/generated_client_demarshallers1.c common/generated_client_demarshallers1.c
--- save/generated_client_demarshallers1.c 2018-06-22 22:13:48.626793919 +0100
+++ common/generated_client_demarshallers1.c 2018-06-22 22:14:03.408163291 +0100
@@ -225,6 +225,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -243,6 +246,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msg_set_ack(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -301,6 +307,9 @@
SpiceMsgPing *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 12) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 12);
data__nw_size = data__nelements;
@@ -5226,6 +5235,9 @@
uint64_t cursor_data__nw_size;
uint64_t cursor_data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 22) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 22);
cursor_data__nw_size = cursor_data__nelements;
@@ -5305,6 +5317,9 @@
uint64_t cursor_data__nw_size;
uint64_t cursor_data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 22) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 22);
cursor_data__nw_size = cursor_data__nelements;
@@ -5540,6 +5555,9 @@
SpiceMsgPlaybackPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -5594,6 +5612,9 @@
SpiceMsgPlaybackMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 8) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 8);
data__nw_size = data__nelements;
diff -u save/generated_client_demarshallers.c common/generated_client_demarshallers.c
--- save/generated_client_demarshallers.c 2018-06-22 22:13:48.626793919 +0100
+++ common/generated_client_demarshallers.c 2018-06-22 22:14:03.004153195 +0100
@@ -225,6 +225,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -243,6 +246,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msg_set_ack(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -301,6 +307,9 @@
SpiceMsgPing *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 12) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 12);
data__nw_size = data__nelements;
@@ -6574,6 +6583,9 @@
}
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 2 + cursor_u__nw_size) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 2 + cursor_u__nw_size);
cursor_data__nw_size = cursor_data__nelements;
@@ -6670,6 +6682,9 @@
}
{ /* data */
+ if (SPICE_UNLIKELY((start2 + 2 + cursor_u__nw_size) > message_end)) {
+ goto error;
+ }
cursor_data__nelements = message_end - (start2 + 2 + cursor_u__nw_size);
cursor_data__nw_size = cursor_data__nelements;
@@ -6907,6 +6922,9 @@
SpiceMsgPlaybackPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -6961,6 +6979,9 @@
SpiceMsgPlaybackMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 6) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 6);
data__nw_size = data__nelements;
@@ -7559,6 +7580,9 @@
SpiceMsgTunnelSocketData *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 2) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 2);
data__nw_size = data__nelements;
@@ -7840,6 +7864,9 @@
}
{ /* compressed_data */
+ if (SPICE_UNLIKELY((start + 1 + u__nw_size) > message_end)) {
+ goto error;
+ }
compressed_data__nelements = message_end - (start + 1 + u__nw_size);
compressed_data__nw_size = compressed_data__nelements;
diff -u save/generated_server_demarshallers.c common/generated_server_demarshallers.c
--- save/generated_server_demarshallers.c 2018-06-22 22:13:48.627793944 +0100
+++ common/generated_server_demarshallers.c 2018-06-22 22:14:05.231208847 +0100
@@ -306,6 +306,9 @@
uint64_t data__nelements;
{ /* data */
+ if (SPICE_UNLIKELY((start + 0) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 0);
data__nw_size = data__nelements;
@@ -324,6 +327,9 @@
*free_message = nofree;
return data;
+ error:
+ free(data);
+ return NULL;
}
static uint8_t * parse_msgc_disconnecting(uint8_t *message_start, uint8_t *message_end, SPICE_GNUC_UNUSED int minor, size_t *size, message_destructor_t *free_message)
@@ -1259,6 +1265,9 @@
SpiceMsgcRecordPacket *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 4) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 4);
data__nw_size = data__nelements;
@@ -1313,6 +1322,9 @@
SpiceMsgcRecordMode *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 6) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 6);
data__nw_size = data__nelements;
@@ -1841,6 +1853,9 @@
SpiceMsgcTunnelSocketData *out;
{ /* data */
+ if (SPICE_UNLIKELY((start + 2) > message_end)) {
+ goto error;
+ }
data__nelements = message_end - (start + 2);
data__nw_size = data__nelements;
@@ -2057,6 +2072,9 @@
}
{ /* compressed_data */
+ if (SPICE_UNLIKELY((start + 1 + u__nw_size) > message_end)) {
+ goto error;
+ }
compressed_data__nelements = message_end - (start + 1 + u__nw_size);
compressed_data__nw_size = compressed_data__nelements;
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
feature can be enabled, disabled or auto, not true/false
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
|
|
This built-in type is used instead of the tri-state string combo
(auto/true/false), simplifying the dependency checks.
http://mesonbuild.com/Build-options.html#features
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Easier to iterate and improves readability of the code by replacing the
use of nested lists.
http://mesonbuild.com/Reference-manual.html#dictionary-object
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
When running with -Dpython-checks=false, the build fails. To fix this,
we move the python variable declaration outside of the get_option()
block as it will be used for calling the generators. Also removes the
unnecessary check for python3-devel.
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
When building either spice-server or spice-gtk, spice-common should
inherit the command line options from the parent project. This is done
by adding the 'yield' keyword for the opus and celt051 options.
It is also required to add a smartcard option so that we can bypass the
checks if the user wants to.
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Fixes the following warning message while running meson:
WARNING: Unknown command line options: "celt501"
This will become a hard error in a future Meson release.
Signed-off-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
|
|
Plus a few other indentation fixes.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
The id is called 'monitor_id' throughout the rest of the code, rename
for clarity and consistency.
Signed-off-by: Lukáš Hrázký <lhrazky@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
test-overflow was doing a specific test on demarshalling code.
Joining the 2 tests also allows to remove the dependency from the main
protocol allowing to run the test independently from generation setting.
Using Meson when building either SPICE server or spice-gtk, we only
generate the specific marshallers/demarshallers for that given case.
With this commit the test is built in any case.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
|
|
The 2 APIs are equivalent.
Some minor coherence changes:
- remove line terminator, already added;
- start message with lower case;
- LZ4, not Lz4.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
|
|
Check that we have enough data before reading.
This could lead to read buffer overflows being undetected.
This is not a security issue, read happens only in the client not causing
any information leakage, maximum can generate a crash or some garbage on
the screen.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
|
|
Now that the 2 template files are the same (except for whitespace differences),
we can use a single file.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This commit adds a common block of macro declarations at the top of
quic_tmpl.c and quic_rgb_tmpl.c. This block is identical between the 2
files, and is one big step towards making the 2 files identical.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This commit reorders the macro declarations at the beginning of
quic_tmpl.c and quic_rgb_tmpl.c so that they follow a similar order.
This does the same for the #undef at the end of both file.
This commit is only code movement, and should not add/remove anything
which was not there before. The next commit will unify the macro
declarations and #undef.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Define and reuse a COPY_PIXEL macro to copy a pixel.
This will help in making quic_tmpl.c and quic_rgb_tmpl.c identical.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
They will help unify quic_rgb_tmpl.c and quic_tmpl.c
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
This allows to pass an additional 'channel' argument when needed, and
should eventually let us unify quic_tmpl.c and quic_rgb_tmpl.c
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
Use a APPLY_ALL_COMP macro to unify single/multiple channel processing.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
