Hello Peter,

+-- On Thu, 3 Dec 2015, Peter Maydell wrote --+
| The patch doesn't apply to master. Can you produce a version
| that does, please?
Please see this new one, hope it works. === >From d4661b8d99f8c8439167d85165439c619553b933 Mon Sep 17 00:00:00 2001 From: Prasad J Pandit <p...@fedoraproject.org> Date: Thu, 3 Dec 2015 18:47:46 +0530 Subject: [PATCH] ui: vnc: avoid floating point exception While sending 'SetPixelFormat' messages to a VNC server, the client could set the 'red-max', 'green-max' and 'blue-max' values to be zero. This leads to a floating point exception in write_png_palette while doing frame buffer updates. Reported-by: Lian Yihan <lianyi...@360.cn> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> --- ui/vnc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ui/vnc.c b/ui/vnc.c index 7538405..cbe4d33 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2198,15 +2198,15 @@ static void set_pixel_format(VncState *vs, return; } - vs->client_pf.rmax = red_max; + vs->client_pf.rmax = red_max ? red_max : 0xFF; vs->client_pf.rbits = hweight_long(red_max); vs->client_pf.rshift = red_shift; vs->client_pf.rmask = red_max << red_shift; - vs->client_pf.gmax = green_max; + vs->client_pf.gmax = green_max ? green_max : 0xFF; vs->client_pf.gbits = hweight_long(green_max); vs->client_pf.gshift = green_shift; vs->client_pf.gmask = green_max << green_shift; - vs->client_pf.bmax = blue_max; + vs->client_pf.bmax = blue_max ? blue_max : 0xFF; vs->client_pf.bbits = hweight_long(blue_max); vs->client_pf.bshift = blue_shift; vs->client_pf.bmask = blue_max << blue_shift; -- 2.4.3 === Thank you. -- Prasad J Pandit / Red Hat Product Security Team 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
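Review bot: In the set_pixel_format hunk, only the `rmax`, `gmax` and `bmax` assignments get the 0xFF fallback, while the neighbouring `rbits = hweight_long(red_max)` and `rmask = red_max << red_shift` lines (and their green and blue counterparts) still use the raw client value. With a zero `red_max` the state ends up with `rmax` 0xFF but `rbits` 0 and `rmask` 0, so the stored pixel format is internally inconsistent even though the division by zero described in the commit message is avoided. Consider normalising the three inputs once, before any of the assignments (for example `if (!red_max) red_max = 0xFF;` and the same for green and blue), so that max, bits and mask are all derived from the same value, or rejecting the message in the early-return path just above. A short comment stating why 0xFF is the chosen default would also help later readers.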