On Mi, 2016-12-07 at 13:55 +0300, Marc-André Lureau wrote: > When too many consoles are created, vcs[] may be write out-of-bounds. > > Signed-off-by: Marc-André Lureau <[email protected]> > --- > ui/gtk.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/ui/gtk.c b/ui/gtk.c > index e81642876a..67c52179ee 100644 > --- a/ui/gtk.c > +++ b/ui/gtk.c > @@ -1696,6 +1696,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, > Error **errp) > ChardevCommon *common = qapi_ChardevVC_base(vc); > CharDriverState *chr; > > + if (nb_vcs == MAX_VCS) { > + error_setg(errp, "Maximum number of consoles reached"); > + return NULL; > + } > + > chr = qemu_chr_alloc(common, errp); > if (!chr) { > return NULL;
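Review bot: the new guard at the top of gd_vc_handler() compares with `nb_vcs == MAX_VCS`; for a bounds check protecting writes into vcs[], `if (nb_vcs >= MAX_VCS)` is the more defensive form, since it still refuses the console if nb_vcs were ever to overshoot the limit rather than only when it hits it exactly. Placing the check before qemu_chr_alloc() is the right order, as it avoids allocating a CharDriverState that would otherwise have to be freed on the error path, and returning NULL with errp set matches the existing `if (!chr) return NULL;` convention just below.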
Added to ui queue. Thanks,
Gerd
