From 06caae141c9bf30cd5271daf6af9ea0280ba1d5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Wed, 19 Oct 2011 11:27:32 +0200 Subject: [PATCH] do not segfault if link message header size is set to 0 https://bugs.freedesktop.org/show_bug.cgi?id=41988 --- gtk/spice-channel.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/gtk/spice-channel.c b/gtk/spice-channel.c index 5bc244f..23c16e7 100644 --- a/gtk/spice-channel.c +++ b/gtk/spice-channel.c @@ -976,6 +976,11 @@ static void spice_channel_recv_link_hdr(SpiceChannel *channel) } c->peer_msg = spice_malloc(c->peer_hdr.size); + if (c->peer_msg == NULL) { + g_critical("invalid peer header size: %u", c->peer_hdr.size); + goto error; + } + c->state = SPICE_CHANNEL_STATE_LINK_MSG; return; -- 1.7.6.2