From: Frediano Ziglio
Date: Wed, 29 Apr 2020 14:09:13 +0000 (+0100)
Subject: [PATCH] quic: Check we have some data to start decoding quic image
X-Git-Tag: archive/raspbian/0.33-3.3+deb9u2+rpi1^2~4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=3b4b38d8c1e11955be5c2e8bb7e869ae0f0886cf;p=spice-gtk.git

[PATCH] quic: Check we have some data to start decoding quic image

All paths already pass some data to quic_decode_begin but for the test check it, it's not that expensive a test. Checking for not 0 is enough, all other words will potentially be read calling more_io_words but we need one to avoid a potential initial buffer overflow or dereferencing an invalid pointer.

Signed-off-by: Frediano Ziglio
Acked-by: Uri Lublin

Gbp-Pq: Name CVE-2020-14355_part1.patch
---
diff --git a/spice-common/common/quic.c b/spice-common/common/quic.c index 5b00d65..d6fb8f2 100644 --- a/spice-common/common/quic.c +++ b/spice-common/common/quic.c @@ -1379,7 +1379,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w int channels; int bpc; - if (!encoder_reste(encoder, io_ptr, io_ptr_end)) { + if (!num_io_words || !encoder_reste(encoder, io_ptr, io_ptr_end)) { return QUIC_ERROR; }
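
Review bot: the added `!num_io_words` test in the condition of quic_decode_begin rejects an empty buffer, but io_ptr is still handed to encoder_reste unchecked, so a caller that passes a non-zero count with a NULL pointer is not covered by this guard. If the contract is that io_ptr is always valid whenever num_io_words is non-zero, state that in a comment above the check; otherwise extend the condition to `if (!io_ptr || !num_io_words || ...)`. The reason one word is sufficient (later words are fetched through more_io_words) appears only in the commit message, and a one-line comment next to the condition would keep that reasoning with the code. The diff touches only quic.c, so a regression test that calls quic_decode_begin with num_io_words equal to 0 and expects QUIC_ERROR would be a useful addition.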