[tigervnc/f19] Avoid invalid read when ZRLE connection closed (upstream bug #133).
Tim Waugh
twaugh at fedoraproject.org
Tue Jan 21 09:33:36 UTC 2014
commit e304238de7b18f710fd62a311755ea61c048bc75
Author: Tim Waugh <twaugh at redhat.com>
Date: Thu Dec 12 17:31:18 2013 +0000
Avoid invalid read when ZRLE connection closed (upstream bug #133).
Resolves: rhbz#1039926
(cherry picked from commit 849f0627d20a5aec518f9b328bc3add127a5cff4)
Conflicts:
tigervnc.spec
tigervnc-zrle-crash.patch | 69 +++++++++++++++++++++++++++++++++++++++++++++
tigervnc.spec | 9 +++++-
2 files changed, 77 insertions(+), 1 deletions(-)
---
diff --git a/tigervnc-zrle-crash.patch b/tigervnc-zrle-crash.patch
new file mode 100644
index 0000000..74545d7
--- /dev/null
+++ b/tigervnc-zrle-crash.patch
@@ -0,0 +1,69 @@
+diff -up tigervnc-1.3.0/common/rfb/ZRLEEncoder.cxx.zrle-crash tigervnc-1.3.0/common/rfb/ZRLEEncoder.cxx
+--- tigervnc-1.3.0/common/rfb/ZRLEEncoder.cxx.zrle-crash 2013-07-01 13:41:59.000000000 +0100
++++ tigervnc-1.3.0/common/rfb/ZRLEEncoder.cxx 2013-12-12 17:30:48.510007365 +0000
+@@ -55,16 +55,19 @@ Encoder* ZRLEEncoder::create(SMsgWriter*
+ }
+
+ ZRLEEncoder::ZRLEEncoder(SMsgWriter* writer_)
+- : writer(writer_), zos(0,0,zlibLevel)
++ : writer(writer_)
+ {
+ if (sharedMos)
+ mos = sharedMos;
+ else
+ mos = new rdr::MemOutStream(129*1024);
++
++ zos = new rdr::ZlibOutStream(0, 0, zlibLevel);
+ }
+
+ ZRLEEncoder::~ZRLEEncoder()
+ {
++ delete zos;
+ if (!sharedMos)
+ delete mos;
+ }
+@@ -78,10 +81,10 @@ bool ZRLEEncoder::writeRect(const Rect&
+
+ switch (writer->bpp()) {
+ case 8:
+- wroteAll = zrleEncode8(r, mos, &zos, imageBuf, maxLen, actual, ig);
++ wroteAll = zrleEncode8(r, mos, zos, imageBuf, maxLen, actual, ig);
+ break;
+ case 16:
+- wroteAll = zrleEncode16(r, mos, &zos, imageBuf, maxLen, actual, ig);
++ wroteAll = zrleEncode16(r, mos, zos, imageBuf, maxLen, actual, ig);
+ break;
+ case 32:
+ {
+@@ -94,16 +97,16 @@ bool ZRLEEncoder::writeRect(const Rect&
+ if ((fitsInLS3Bytes && pf.isLittleEndian()) ||
+ (fitsInMS3Bytes && pf.isBigEndian()))
+ {
+- wroteAll = zrleEncode24A(r, mos, &zos, imageBuf, maxLen, actual, ig);
++ wroteAll = zrleEncode24A(r, mos, zos, imageBuf, maxLen, actual, ig);
+ }
+ else if ((fitsInLS3Bytes && pf.isBigEndian()) ||
+ (fitsInMS3Bytes && pf.isLittleEndian()))
+ {
+- wroteAll = zrleEncode24B(r, mos, &zos, imageBuf, maxLen, actual, ig);
++ wroteAll = zrleEncode24B(r, mos, zos, imageBuf, maxLen, actual, ig);
+ }
+ else
+ {
+- wroteAll = zrleEncode32(r, mos, &zos, imageBuf, maxLen, actual, ig);
++ wroteAll = zrleEncode32(r, mos, zos, imageBuf, maxLen, actual, ig);
+ }
+ break;
+ }
+diff -up tigervnc-1.3.0/common/rfb/ZRLEEncoder.h.zrle-crash tigervnc-1.3.0/common/rfb/ZRLEEncoder.h
+--- tigervnc-1.3.0/common/rfb/ZRLEEncoder.h.zrle-crash 2013-07-01 13:42:01.000000000 +0100
++++ tigervnc-1.3.0/common/rfb/ZRLEEncoder.h 2013-12-12 17:30:48.510007365 +0000
+@@ -45,7 +45,7 @@ namespace rfb {
+ private:
+ ZRLEEncoder(SMsgWriter* writer);
+ SMsgWriter* writer;
+- rdr::ZlibOutStream zos;
++ rdr::ZlibOutStream* zos;
+ rdr::MemOutStream* mos;
+ static rdr::MemOutStream* sharedMos;
+ static int maxLen;
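Review bot: In the patched `ZRLEEncoder::~ZRLEEncoder()`, the fix depends on `delete zos;` running before `delete mos;`, and nothing in the code records that ordering requirement. As a by-value member, `zos` was destroyed only after the destructor body had already freed a non-shared `mos`; presumably the zlib stream's destructor still touches the underlying stream it is handed in `writeRect`, which would match the invalid read named in the commit title. I would add a comment above the delete, such as `// zos must be destroyed first: its destructor may still flush into mos`, so that a later cleanup does not reorder the two deletes and reintroduce the use-after-free. Separately, in the constructor `new rdr::ZlibOutStream(0, 0, zlibLevel)` now runs after a non-shared `mos` has been allocated, so if that allocation or the stream's constructor throws, `mos` leaks because the destructor never runs; swapping the order only moves the leak, so an owning wrapper or a try/catch around the second allocation would be the safer shape.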
diff --git a/tigervnc.spec b/tigervnc.spec
index 905dc36..393597a 100644
--- a/tigervnc.spec
+++ b/tigervnc.spec
@@ -1,6 +1,6 @@
Name: tigervnc
Version: 1.3.0
-Release: 7%{?dist}
+Release: 8%{?dist}
Summary: A TigerVNC remote display system
Group: User Interface/Desktops
@@ -46,6 +46,7 @@ Patch6: tigervnc-setcursor-crash.patch
Patch7: tigervnc-manpages.patch
Patch8: tigervnc-getmaster.patch
Patch9: tigervnc-shebang.patch
+Patch12: tigervnc-zrle-crash.patch
%description
Virtual Network Computing (VNC) is a remote display system which
@@ -168,6 +169,9 @@ popd
# Don't use shebang in vncserver script.
%patch9 -p1 -b .shebang
+# Avoid invalid read when ZRLE connection closed (upstream bug #133).
+%patch12 -p1 -b .zrle-crash
+
%build
%ifarch sparcv9 sparc64 s390 s390x
export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@@ -336,6 +340,9 @@ fi
%{_datadir}/icons/hicolor/*/apps/*
%changelog
+* Thu Dec 12 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-8
+- Avoid invalid read when ZRLE connection closed (upstream bug #133).
+
* Tue Sep 24 2013 Tim Waugh <twaugh at redhat.com> 1.3.0-7
- Removed incorrect patch (for unexpected key_is_down). Fixes stuck
keys bug (bug #989502).