From patchwork Tue Jul 12 09:31:23 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: "Herongguang (Stephen)" <herongguang.he@huawei.com>
X-Patchwork-Id: 9224877
Return-Path: 
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	1A52660572 for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 12 Jul 2016 09:34:47 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09E9A27CCB
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 12 Jul 2016 09:34:47 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id F13F427DCD; Tue, 12 Jul 2016 09:34:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 49FF227CCB
	for <patchwork-qemu-devel@patchwork.kernel.org>;
	Tue, 12 Jul 2016 09:34:45 +0000 (UTC)
Received: from localhost ([::1]:38649 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>)
	id 1bMu5S-0000sk-MJ for patchwork-qemu-devel@patchwork.kernel.org;
	Tue, 12 Jul 2016 05:34:42 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56368)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <herongguang.he@huawei.com>) id 1bMu5B-0000sM-Rm
	for qemu-devel@nongnu.org; Tue, 12 Jul 2016 05:34:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <herongguang.he@huawei.com>) id 1bMu56-0000vH-22
	for qemu-devel@nongnu.org; Tue, 12 Jul 2016 05:34:24 -0400
Received: from szxga03-in.huawei.com ([119.145.14.66]:28944)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <herongguang.he@huawei.com>) id 1bMu55-0000s3-9B
	for qemu-devel@nongnu.org; Tue, 12 Jul 2016 05:34:19 -0400
Received: from 172.24.1.60 (EHLO szxeml433-hub.china.huawei.com)
	([172.24.1.60])
	by szxrg03-dlp.huawei.com (MOS 4.4.3-GA FastPath queued)
	with ESMTP id CEQ47426; Tue, 12 Jul 2016 17:32:13 +0800 (CST)
Received: from [127.0.0.1] (10.177.19.20) by szxeml433-hub.china.huawei.com
	(10.82.67.210) with Microsoft SMTP Server id 14.3.235.1;
	Tue, 12 Jul 2016 17:31:24 +0800
To: <qemu-devel@nongnu.org>, <kraxel@redhat.com>, <pbonzini@redhat.com>,
	<herongguang.he@huawei.com>, <weidong.huang@huawei.com>,
	"peter.huangpeng@huawei.com >> Huangpeng (Peter)"
	<peter.huangpeng@huawei.com>
From: "Herongguang (Stephen)" <herongguang.he@huawei.com>
Message-ID: <5784B8EB.7010008@huawei.com>
Date: Tue, 12 Jul 2016 17:31:23 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101
	Thunderbird/38.5.1
MIME-Version: 1.0
X-Originating-IP: [10.177.19.20]
X-CFilter-Loop: Reflected
X-Mirapoint-Virus-RAPID-Raw: score=unknown(0),
	refid=str=0001.0A090201.5784B988.0026, ss=1, re=0.000, recu=0.000,
	reip=0.000, cl=1, cld=1, fgs=0, ip=0.0.0.0,
	so=2013-05-26 15:14:31, dmn=2013-03-21 17:37:32
X-Mirapoint-Loop-Id: dd7834e072151c7c96ccdd097f2f05f4
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
X-Received-From: 119.145.14.66
Subject: [Qemu-devel]  [PATCH] vnc-enc-tight: fix off-by-one bug
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
	<qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
X-Virus-Scanned: ClamAV using ClamSMTP

In tight_encode_indexed_rect32, buf(or src)’s size is count. In for loop,
the logic is supposed to be that i is an index into src, i should be
incremented when incrementing src.

This is broken when src is incremented but i is not before while loop,
resulting in off-by-one bug in while loop.

Signed-off-by: He Rongguang <herongguang.he@huawei.com>
---
  ui/vnc-enc-tight.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index e5cba0e..678c5df 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -461,9 +461,10 @@ static int tight_fill_palette(VncState *vs, int x, int y,
                                                                          \
          src = (uint##bpp##_t *) buf;                                    \
                                                                          \
-        for (i = 0; i < count; i++) {                                   \
+        for (i = 0; i < count; ) {                                      \
                                                                          \
              rgb = *src++;                                               \
+            i++;                                                        \
              rep = 0;                                                    \
              while (i < count && *src == rgb) {                          \
                  rep++, src++, i++;                                      \