From 3b4b38d8c1e11955be5c2e8bb7e869ae0f0886cf Mon Sep 17 00:00:00 2001
From: Frediano Ziglio <freddy77@gmail.com>
Date: Wed, 29 Apr 2020 15:09:13 +0100
Subject: [PATCH] [PATCH] quic: Check we have some data to start decoding quic
 image

All paths already pass some data to quic_decode_begin but for the
test check it, it's not that expensive test.
Checking for not 0 is enough, all other words will potentially be
read calling more_io_words but we need one to avoid a potential
initial buffer overflow or deferencing an invalid pointer.

Signed-off-by: Frediano Ziglio <freddy77@gmail.com>
Acked-by: Uri Lublin <uril@redhat.com>

Gbp-Pq: Name CVE-2020-14355_part1.patch
---
 spice-common/common/quic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spice-common/common/quic.c b/spice-common/common/quic.c
index 5b00d65..d6fb8f2 100644
--- a/spice-common/common/quic.c
+++ b/spice-common/common/quic.c
@@ -1379,7 +1379,7 @@ int quic_decode_begin(QuicContext *quic, uint32_t *io_ptr, unsigned int num_io_w
     int channels;
     int bpc;
 
-    if (!encoder_reste(encoder, io_ptr, io_ptr_end)) {
+    if (!num_io_words || !encoder_reste(encoder, io_ptr, io_ptr_end)) {
         return QUIC_ERROR;
     }
 
-- 
2.30.2