From: ths
Date: Thu, 13 Sep 2007 12:41:42 +0000 (+0000)
Subject: Fix infinite loop in VNC support, by Marc Bevand.
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=baa7666c74e7495c0982afe2a566aabcd4dbe1ac;p=qemu.git
Fix infinite loop in VNC support, by Marc Bevand.
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3169 c046a42c-6fe2-441c-8c8c-71466251a162
---
diff --git a/vnc.c b/vnc.c
index 64906980c3..75e4fc9686 100644
--- a/vnc.c
+++ b/vnc.c
@@ -1195,8 +1195,11 @@ static int protocol_client_msg(VncState *vs, char *data, size_t len)
 if (len == 1)
 return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
+ if (len == 8) {
+ uint32_t dlen = read_u32(data, 4);
+ if (dlen > 0)
+ return 8 + dlen;
+ }
 client_cut_text(vs, read_u32(data, 4), data + 8);
 break;
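Review bot: The new `dlen > 0` test in the `len == 8` branch rejects only a zero length, so `dlen` is still a client-supplied 32-bit value with no upper bound. `8 + dlen` is evaluated in unsigned 32-bit arithmetic and returned as `int`: for `dlen >= 0xFFFFFFF8` the sum wraps to a value below 8, and any sum above `INT_MAX` does not fit the return type. Depending on how the caller uses the return value (not visible in this hunk), the stall this commit fixes may still be reachable, and a large but valid length asks the server to buffer up to 4 GiB for one message. I would bound the length before returning, e.g. `if (dlen > MAX_CUT_TEXT_LEN /* placeholder: pick a project limit */)` followed by this file's usual path for failing the client, and keep `return 8 + dlen;` only for values within the limit. The body of `protocol_client_msg` starts and ends outside the hunk.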