From: Marc-André Lureau <[email protected]> When too many consoles are created, vcs[] may be write out-of-bounds.
Signed-off-by: Marc-André Lureau <[email protected]> Message-id: [email protected] Signed-off-by: Gerd Hoffmann <[email protected]> --- ui/gtk.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ui/gtk.c b/ui/gtk.c index 356f400..86368e3 100644 --- a/ui/gtk.c +++ b/ui/gtk.c @@ -1706,6 +1706,11 @@ static CharDriverState *gd_vc_handler(ChardevVC *vc, Error **errp) ChardevCommon *common = qapi_ChardevVC_base(vc); CharDriverState *chr; + if (nb_vcs == MAX_VCS) { + error_setg(errp, "Maximum number of consoles reached"); + return NULL; + } + chr = qemu_chr_alloc(common, errp); if (!chr) { return NULL; -- 1.8.3.1
