author | David Gibson <dgibson@redhat.com> | 2014-03-10 11:55:47 +0100 |
---|---|---|
committer | Christophe Fergeau <cfergeau@redhat.com> | 2014-03-20 11:34:49 +0100 |
commit | 4019a8801d7a67035749562c0c1f403c24f36b0b (patch) | |
tree | da542acb1df10ef26d620812d70bf0dce49e754d /docs | |
parent | e411787df2f129d396b1b4afc8da2e6e47490e3b (diff) | |
download | spice-4019a8801d7a67035749562c0c1f403c24f36b0b.tar.gz spice-4019a8801d7a67035749562c0c1f403c24f36b0b.tar.xz spice-4019a8801d7a67035749562c0c1f403c24f36b0b.zip |
Don't truncate large 'now' values in _spice_timer_set

static void _spice_timer_set(SpiceTimer *timer, uint32_t ms, uint32_t now)

The _spice_timer_set() function takes a 32-bit integer for the "now" value.
The now value passed in, however, can exceed 2^32 (it's in ms and derived
from CLOCK_MONOTONIC, which will wrap around a 32-bit integer in around 46
days).

If the now value passed in exceeds 2^32, this will mean timers are inserted
into the active list with expiry values before the current time, they will
immediately trigger, and (if they don't make themselves inactive) be
reinserted still before the current time.

This leads to an infinite loop in spice_timer_queue_cb().

https://bugzilla.redhat.com/show_bug.cgi?id=1072700
Diffstat (limited to 'docs')
0 files changed, 0 insertions, 0 deletions
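
The failure mode the commit message describes, reduced to a stand-alone C sketch. This is an added example, not SPICE's code: `DemoTimer`, `timer_set_narrow`, `timer_set_wide`, `dispatch` and `demo_firings` are hypothetical names, widening `now` to 64 bits is assumed as the correction, and the firing cap stands in for the infinite loop so the program terminates.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature of a periodic timer; not SPICE's structures. */
typedef struct { uint64_t expiry_ms; uint32_t period_ms; } DemoTimer;

/* 'Before' shape: "now" arrives as 32 bits, so the upper bits are gone. */
static void timer_set_narrow(DemoTimer *t, uint32_t ms, uint32_t now)
{
    t->expiry_ms = (uint64_t)now + ms;
}

/* Assumed correction: "now" keeps the full width of the monotonic clock. */
static void timer_set_wide(DemoTimer *t, uint32_t ms, uint64_t now)
{
    t->expiry_ms = now + ms;
}

/* One dispatch pass at a fixed time: fire while the timer is due and re-arm
 * it each time. 'limit' caps the firings so the demo cannot spin forever. */
static unsigned dispatch(DemoTimer *t, uint64_t now_ms, int narrow, unsigned limit)
{
    unsigned fired = 0;
    while (t->expiry_ms <= now_ms && fired < limit) {
        fired++;
        if (narrow)
            /* The cast shows what C does silently at a uint32_t parameter. */
            timer_set_narrow(t, t->period_ms, (uint32_t)now_ms);
        else
            timer_set_wide(t, t->period_ms, now_ms);
    }
    return fired;
}

/* Arms a 100 ms periodic timer that is due exactly at now_ms, runs one pass. */
unsigned demo_firings(uint64_t now_ms, int narrow)
{
    DemoTimer t = { now_ms, 100 };
    return dispatch(&t, now_ms, narrow, 1000);
}

int main(void)
{
    uint64_t late = ((uint64_t)1 << 32) + 5000; /* constructed: clock past 2^32 ms */
    printf("narrow, past 2^32: %u firings\n", demo_firings(late, 1));
    printf("wide,   past 2^32: %u firings\n", demo_firings(late, 0));
    return 0;
}
```

Building with `-Wconversion` reports the implicit 64-to-32-bit narrowing at call sites of this kind, which is one way to catch the pattern during review.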