[PATCH] quic: Check we have some data to start decoding quic image

All paths already pass some data to quic_decode_begin but for the
test check it, it's not that expensive test.
Checking for not 0 is enough, all other words will potentially be
read calling more_io_words but we need one to avoid a potential
initial buffer overflow or deferencing an invalid pointer.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>
Gbp-Pq: Name CVE-2020-14355_part1.patch

diff --git a/spice-common/common/quic.c b/spice-common/common/quic.c
index 5b00d656ee5f75430b7eeb7053e2fe2ae1a37f6f..d6fb8f2db1d0b8cc9659293f47b5d3ed6195cdbc 100644 (file)
--- a/spice-common/common/quic.c
+++ b/spice-common/common/quic.c
@@ -1379,7 +1379,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
     int channels;
     int bpc;
 
-    if (!encoder_reste(encoder, io_ptr, io_ptr_end)) {
+    if (!num_io_words || !encoder_reste(encoder, io_ptr, io_ptr_end)) {
         return QUIC_ERROR;
     }