| Message ID | 20240124105749.204610-2-f.ebner@proxmox.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v3,1/2] ui/clipboard: mark type as not available when there is no data | expand |
On Wed, Jan 24, 2024 at 2:59 PM Fiona Ebner <f.ebner@proxmox.com> wrote: > > Should an issue like CVE-2023-6683 ever appear again in the future, > it will be more obvious which assumption was violated. > > Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> > Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> thanks > --- > > Changes in v3: > * Turn check for update into an assertion. > * Split out into a separate patch. > > ui/clipboard.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/ui/clipboard.c b/ui/clipboard.c > index b3f6fa3c9e..4264884a6c 100644 > --- a/ui/clipboard.c > +++ b/ui/clipboard.c > @@ -65,12 +65,24 @@ bool qemu_clipboard_check_serial(QemuClipboardInfo *info, bool client) > > void qemu_clipboard_update(QemuClipboardInfo *info) > { > + uint32_t type; > QemuClipboardNotify notify = { > .type = QEMU_CLIPBOARD_UPDATE_INFO, > .info = info, > }; > assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT); > > + for (type = 0; type < QEMU_CLIPBOARD_TYPE__COUNT; type++) { > + /* > + * If data is missing, the clipboard owner's 'request' callback needs to > + * be set. Otherwise, there is no way to get the clipboard data and > + * qemu_clipboard_request() cannot be called. > + */ > + if (info->types[type].available && !info->types[type].data) { > + assert(info->owner && info->owner->request); > + } > + } > + > notifier_list_notify(&clipboard_notifiers, ¬ify); > > if (cbinfo[info->selection] != info) { > @@ -132,6 +144,8 @@ void qemu_clipboard_request(QemuClipboardInfo *info, > !info->owner) > return; > > + assert(info->owner->request); > + > info->types[type].requested = true; > info->owner->request(info, type); > } > -- > 2.39.2 > > >
diff --git a/ui/clipboard.c b/ui/clipboard.c index b3f6fa3c9e..4264884a6c 100644 --- a/ui/clipboard.c +++ b/ui/clipboard.c @@ -65,12 +65,24 @@ bool qemu_clipboard_check_serial(QemuClipboardInfo *info, bool client) void qemu_clipboard_update(QemuClipboardInfo *info) { + uint32_t type; QemuClipboardNotify notify = { .type = QEMU_CLIPBOARD_UPDATE_INFO, .info = info, }; assert(info->selection < QEMU_CLIPBOARD_SELECTION__COUNT); + for (type = 0; type < QEMU_CLIPBOARD_TYPE__COUNT; type++) { + /* + * If data is missing, the clipboard owner's 'request' callback needs to + * be set. Otherwise, there is no way to get the clipboard data and + * qemu_clipboard_request() cannot be called. + */ + if (info->types[type].available && !info->types[type].data) { + assert(info->owner && info->owner->request); + } + } + notifier_list_notify(&clipboard_notifiers, ¬ify); if (cbinfo[info->selection] != info) { @@ -132,6 +144,8 @@ void qemu_clipboard_request(QemuClipboardInfo *info, !info->owner) return; + assert(info->owner->request); + info->types[type].requested = true; info->owner->request(info, type); }
Should an issue like CVE-2023-6683 ever appear again in the future, it will be more obvious which assumption was violated. Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com> --- Changes in v3: * Turn check for update into an assertion. * Split out into a separate patch. ui/clipboard.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+)