From nobody Sat Nov 15 08:50:45 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1753094853; cv=none; d=zohomail.com; s=zohoarc; b=aJ91ifaXn5lqFRGM2N83vL0onk7UfCxF/Daq0MqJxoVIHfFZwuVfocoJcx4wZ1l6Rz9HOoRI2WbueCO16C+eDbq3G9rLI1+26haMptWlX+zb5GNuFp6rjJcrjjPUTQZPE5g0lQOWKBR5F4BPeFVmcytj+7FMQQVUBm6EtsCXZPo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753094853; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=I0I5bmpM+1v8X5XHPkxzcL1k4eN3B+o2SzPgYqg8erE=; b=k2WYDVXbmoK5tq6u79G1NX8Xg2Ah87e9N29xvfyWz2DqRZf7mwQZD5DODqHg+TIAGYAkdNplXwHlhwuYxiFR+GOPyMm5dqEmXKQir2OuhNbRpEK2lEeLTTsGeml/PC/eO0ckXUIH12eXLZOL28jEkwZ7BzFF9wrP7GOIxn7IZB4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753094853918622.7935110125019; Mon, 21 Jul 2025 03:47:33 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1udo27-0005Tt-62; Mon, 21 Jul 2025 06:46:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1l-0005HP-2n for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:56 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1h-0001eB-FV for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:48 -0400 Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-288-_izWGSodOvyMjLM9MsxewA-1; Mon, 21 Jul 2025 06:45:42 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E92871956046; Mon, 21 Jul 2025 10:45:40 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.213]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6DE271956094; Mon, 21 Jul 2025 10:45:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753094743; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=I0I5bmpM+1v8X5XHPkxzcL1k4eN3B+o2SzPgYqg8erE=; b=V/ZDE3vwbtsh81YLJrZ8ue6UywSXGZZsSESxwBRS7mVncYz93x1r1oJjHBjSsm2lqQlWiN LkS6bFCKKVU6ErmrJW87vcfe4065QJMY+EI6gWpbmdfmnba26CwXXskQLdT6mhbPbyabeF kj8XnrbQ4iCS5kWvVK3mQWo/PvK52AA= X-MC-Unique: _izWGSodOvyMjLM9MsxewA-1 X-Mimecast-MFC-AGG-ID: _izWGSodOvyMjLM9MsxewA_1753094741 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Thomas Huth , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PULL v2 1/4] ui: fix setting client_endian field defaults Date: Mon, 21 Jul 2025 11:45:33 +0100 Message-ID: <20250721104536.2856423-2-berrange@redhat.com> In-Reply-To: <20250721104536.2856423-1-berrange@redhat.com> References: <20250721104536.2856423-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -29 X-Spam_score: -3.0 X-Spam_bar: --- X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.926, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1753094857171116600 When a VNC client sends a "set pixel format" message, the 'client_endian' field will get initialized, however, it is valid to omit this message if the client wants to use the server's native pixel format. In the latter scenario nothing is initializing the 'client_endian' field, so it remains set to 0, matching neither G_LITTLE_ENDIAN nor G_BIG_ENDIAN. This then results in pixel format conversion routines taking the wrong code paths. This problem existed before the 'client_be' flag was changed into the 'client_endian' value, but the lack of initialization meant it semantically defaulted to little endian, so only big endian systems would potentially be exposed to incorrect pixel translation. The 'virt-viewer' / 'remote-viewer' apps always send a "set pixel format" message so aren't exposed to any problems, but the classical 'vncviewer' app will show the problem easily. Fixes: 7ed96710e82c385c6cfc3d064eec7dde20f0f3fd Reported-by: Thomas Huth Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- ui/vnc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ui/vnc.c b/ui/vnc.c index e9c30aad62..a16be468b9 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2329,6 +2329,7 @@ static void pixel_format_message (VncState *vs) { char pad[3] =3D { 0, 0, 0 }; =20 vs->client_pf =3D qemu_default_pixelformat(32); + vs->client_endian =3D G_BYTE_ORDER; =20 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ vnc_write_u8(vs, vs->client_pf.depth); /* depth */ --=20 2.50.1 From nobody Sat Nov 15 08:50:45 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1753094877; cv=none; d=zohomail.com; s=zohoarc; b=LRd6qnXEsk8TFb3zVEEzF1KDRj8dZrInJeyjSnN8ci1G+Mn8supqflWoBbahhuDtZp9kza1ACfIeYA+V306tvzb2hG+WoHGGzt8MJPEYGHk/9OA1m5U6hUvYFeqsqIrg/mhjxgo0fuD8lwTViKVA7wF6R3BIDOMigyZb+MH0XgE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753094877; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Hu9w8EsdRBO2gt4Ezk2s6ko0SLRX1TYBOJLgk2TPqjA=; b=kzVHh9Ty1G+MOoK2o4uVI+pa0k7R4u8K2CkwXNKlCGS2g+r5rZ+ejsou+Lln02gEcqyr4L5Lxsk1mVBDzm1U/HvGiYIOWdQzRpjgSLfwLG/MCuu4S5jbc45Tr6CVGbwmuKkhcVMCkw0u95nDWQy1ERFcXUVkah68AxPdj/7j0EI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753094877077699.2096761135426; Mon, 21 Jul 2025 03:47:57 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1udo2t-0005nK-7h; Mon, 21 Jul 2025 06:47:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1l-0005Hb-JO for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:56 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1i-0001eI-07 for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:49 -0400 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-384-upRs7-HbO3yz3it3Mz5sOg-1; Mon, 21 Jul 2025 06:45:43 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 940031944D01; Mon, 21 Jul 2025 10:45:42 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.213]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 537E519560A1; Mon, 21 Jul 2025 10:45:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753094745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hu9w8EsdRBO2gt4Ezk2s6ko0SLRX1TYBOJLgk2TPqjA=; b=YOJ1L5g8R6fy03jzcy1viLQjRXHm9ZMfFS5L233OVEFNPLy9Bx2yHoG4xb2LKfNB1vmlIa X1QoF5MnO+GVnHg17pIibPoH+D2QTzW56SL3OiL390Pm2rJaaYhGOVLj3fr44WAY7lRD79 UsqEyHEpn12XZaw0bYYd8VXPl7+eg4c= X-MC-Unique: upRs7-HbO3yz3it3Mz5sOg-1 X-Mimecast-MFC-AGG-ID: upRs7-HbO3yz3it3Mz5sOg_1753094742 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [PULL v2 2/4] ui: add trace events for all client messages Date: Mon, 21 Jul 2025 11:45:34 +0100 Message-ID: <20250721104536.2856423-3-berrange@redhat.com> In-Reply-To: <20250721104536.2856423-1-berrange@redhat.com> References: <20250721104536.2856423-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -29 X-Spam_score: -3.0 X-Spam_bar: --- X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.926, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1753094879394116600 This lets us see the full flow of RFB messages received from the client. Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Marc-Andr=C3=A9 Lureau Signed-off-by: Daniel P. Berrang=C3=A9 --- ui/trace-events | 14 +++++++++++++ ui/vnc.c | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/ui/trace-events b/ui/trace-events index 3da0d5e280..3eba9ca3a8 100644 --- a/ui/trace-events +++ b/ui/trace-events @@ -48,13 +48,27 @@ vnc_msg_server_ext_desktop_resize(void *state, void *io= c, int width, int height, vnc_msg_client_audio_enable(void *state, void *ioc) "VNC client msg audio = enable state=3D%p ioc=3D%p" vnc_msg_client_audio_disable(void *state, void *ioc) "VNC client msg audio= disable state=3D%p ioc=3D%p" vnc_msg_client_audio_format(void *state, void *ioc, int fmt, int channels,= int freq) "VNC client msg audio format state=3D%p ioc=3D%p fmt=3D%d channe= ls=3D%d freq=3D%d" +vnc_msg_client_cut_text(void *state, void *ioc, int len) "VNC client msg c= ut text state=3D%p ioc=3D%p len=3D%u" +vnc_msg_client_cut_text_ext(void *state, void *ioc, int len, int flags) "V= NC client msg cut text state=3D%p ioc=3D%p len=3D%u flags=3D%u" +vnc_msg_client_ext_key_event(void *state, void *ioc, int down, int sym, in= t keycode) "VNC client msg ext key event state=3D%p ioc=3D%p down=3D%u sym= =3D%u keycode=3D%u" +vnc_msg_client_framebuffer_update_request(void *state, void *ioc, int incr= emental, int x, int y, int w, int h) "VNC client msg framebuffer update req= uest state=3D%p ioc=3D%p incremental=3D%u x=3D%u y=3D%u w=3D%u h=3D%u" +vnc_msg_client_key_event(void *state, void *ioc, int down, int sym) "VNC c= lient msg key event state=3D%p ioc=3D%p down=3D%u sym=3D%u" +vnc_msg_client_pointer_event(void *state, void *ioc, int button_mask, int = x, int y) "VNC client msg pointer event state=3D%p ioc=3D%p button_mask=3D%= u x=3D%u y=3D%u" vnc_msg_client_set_desktop_size(void *state, void *ioc, int width, int hei= ght, int screens) "VNC client msg set desktop size state=3D%p ioc=3D%p siz= e=3D%dx%d screens=3D%d" +vnc_msg_client_set_encodings(void *state, void *ioc, int limit) "VNC clien= t msg set encodings state=3D%p ioc=3D%p limit=3D%u" +vnc_msg_client_set_pixel_format(void *state, void *ioc, int bpp, int big_e= ndian, int true_color) "VNC client msg set pixel format state=3D%p ioc=3D%p= bpp=3D%u big_endian=3D%u true_color=3D%u" +vnc_msg_client_set_pixel_format_rgb(void *state, void *ioc, int red_max, i= nt green_max, int blue_max, int red_shift, int green_shift, int blue_shift)= "VNC client msg set pixel format RGB state=3D%p ioc=3D%p red_max=3D%u gree= n_max=3D%u blue_max=3D%u red_shift=3D%u green_shift=3D%u blue_shift=3D%u" +vnc_msg_client_xvp(void *state, void *ioc, int version, int action) "VNC c= lient msg XVP state=3D%p ioc=3D%p version=3D%u action=3D%u" vnc_client_eof(void *state, void *ioc) "VNC client EOF state=3D%p ioc=3D%p" vnc_client_io_error(void *state, void *ioc, const char *msg) "VNC client I= /O error state=3D%p ioc=3D%p errmsg=3D%s" vnc_client_connect(void *state, void *ioc) "VNC client connect state=3D%p = ioc=3D%p" vnc_client_disconnect_start(void *state, void *ioc) "VNC client disconnect= start state=3D%p ioc=3D%p" vnc_client_disconnect_finish(void *state, void *ioc) "VNC client disconnec= t finish state=3D%p ioc=3D%p" vnc_client_io_wrap(void *state, void *ioc, const char *type) "VNC client I= /O wrap state=3D%p ioc=3D%p type=3D%s" +vnc_client_pixel_format(void *state, void *ioc, int bpp, int depth, int en= dian) "VNC client pixel format state=3D%p ioc=3D%p bpp=3D%u depth=3D%u endi= an=3D%u" +vnc_client_pixel_format_red(void *state, void *ioc, int max, int bits, int= shift, int mask) "VNC client pixel format red state=3D%p ioc=3D%p max=3D%u= bits=3D%u shift=3D%u mask=3D%u" +vnc_client_pixel_format_green(void *state, void *ioc, int max, int bits, i= nt shift, int mask) "VNC client pixel format green state=3D%p ioc=3D%p max= =3D%u bits=3D%u shift=3D%u mask=3D%u" +vnc_client_pixel_format_blue(void *state, void *ioc, int max, int bits, in= t shift, int mask) "VNC client pixel format blue state=3D%p ioc=3D%p max=3D= %u bits=3D%u shift=3D%u mask=3D%u" vnc_client_throttle_threshold(void *state, void *ioc, size_t oldoffset, si= ze_t offset, int client_width, int client_height, int bytes_per_pixel, void= *audio_cap) "VNC client throttle threshold state=3D%p ioc=3D%p oldoffset= =3D%zu newoffset=3D%zu width=3D%d height=3D%d bpp=3D%d audio=3D%p" vnc_client_throttle_incremental(void *state, void *ioc, int job_update, si= ze_t offset) "VNC client throttle incremental state=3D%p ioc=3D%p job-updat= e=3D%d offset=3D%zu" vnc_client_throttle_forced(void *state, void *ioc, int job_update, size_t = offset) "VNC client throttle forced state=3D%p ioc=3D%p job-update=3D%d off= set=3D%zu" diff --git a/ui/vnc.c b/ui/vnc.c index a16be468b9..c309882ddb 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -2314,6 +2314,25 @@ static void set_pixel_format(VncState *vs, int bits_= per_pixel, vs->client_pf.bytes_per_pixel =3D bits_per_pixel / 8; vs->client_pf.depth =3D bits_per_pixel =3D=3D 32 ? 24 : bits_per_pixel; vs->client_endian =3D big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN; + trace_vnc_client_pixel_format(vs, vs->ioc, + vs->client_pf.bits_per_pixel, + vs->client_pf.depth, + vs->client_endian); + trace_vnc_client_pixel_format_red(vs, vs->ioc, + vs->client_pf.rmax, + vs->client_pf.rbits, + vs->client_pf.rshift, + vs->client_pf.rmask); + trace_vnc_client_pixel_format_green(vs, vs->ioc, + vs->client_pf.gmax, + vs->client_pf.gbits, + vs->client_pf.gshift, + vs->client_pf.gmask); + trace_vnc_client_pixel_format_blue(vs, vs->ioc, + vs->client_pf.bmax, + vs->client_pf.bbits, + vs->client_pf.bshift, + vs->client_pf.bmask); =20 if (!true_color_flag) { send_color_map(vs); @@ -2388,6 +2407,17 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) if (len =3D=3D 1) return 20; =20 + trace_vnc_msg_client_set_pixel_format(vs, vs->ioc, + read_u8(data, 4), + read_u8(data, 6), + read_u8(data, 7)); + trace_vnc_msg_client_set_pixel_format_rgb(vs, vs->ioc, + read_u16(data, 8), + read_u16(data, 10), + read_u16(data, 12), + read_u8(data, 14), + read_u8(data, 15), + read_u8(data, 16)); set_pixel_format(vs, read_u8(data, 4), read_u8(data, 6), read_u8(data, 7), read_u16(data, 8), read_u16(data, 10), @@ -2410,12 +2440,19 @@ static int protocol_client_msg(VncState *vs, uint8_= t *data, size_t len) memcpy(data + 4 + (i * 4), &val, sizeof(val)); } =20 + trace_vnc_msg_client_set_encodings(vs, vs->ioc, limit); set_encodings(vs, (int32_t *)(data + 4), limit); break; case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: if (len =3D=3D 1) return 10; =20 + trace_vnc_msg_client_framebuffer_update_request(vs, vs->ioc, + read_u8(data, 1), + read_u16(data, 2), + read_u16(data, 4), + read_u16(data, 6), + read_u16(data, 8)); framebuffer_update_request(vs, read_u8(data, 1), read_u16(data, 2), re= ad_u16(data, 4), read_u16(data, 6), read_u16(data, 8)); @@ -2424,12 +2461,19 @@ static int protocol_client_msg(VncState *vs, uint8_= t *data, size_t len) if (len =3D=3D 1) return 8; =20 + trace_vnc_msg_client_key_event(vs, vs->ioc, + read_u8(data, 1), + read_u32(data, 4)); key_event(vs, read_u8(data, 1), read_u32(data, 4)); break; case VNC_MSG_CLIENT_POINTER_EVENT: if (len =3D=3D 1) return 6; =20 + trace_vnc_msg_client_pointer_event(vs, vs->ioc, + read_u8(data, 1), + read_u16(data, 2), + read_u16(data, 4)); pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(da= ta, 4)); break; case VNC_MSG_CLIENT_CUT_TEXT: @@ -2461,9 +2505,12 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) vnc_client_error(vs); break; } + trace_vnc_msg_client_cut_text_ext(vs, vs->ioc, + dlen, read_u32(data, 8)); vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12= ); break; } + trace_vnc_msg_client_cut_text(vs, vs->ioc, read_u32(data, 4)); vnc_client_cut_text(vs, read_u32(data, 4), data + 8); break; case VNC_MSG_CLIENT_XVP: @@ -2478,6 +2525,7 @@ static int protocol_client_msg(VncState *vs, uint8_t = *data, size_t len) if (len =3D=3D 4) { uint8_t version =3D read_u8(data, 2); uint8_t action =3D read_u8(data, 3); + trace_vnc_msg_client_xvp(vs, vs->ioc, version, action); =20 if (version !=3D 1) { error_report("vnc: xvp client message version %d !=3D 1", @@ -2511,6 +2559,10 @@ static int protocol_client_msg(VncState *vs, uint8_t= *data, size_t len) if (len =3D=3D 2) return 12; =20 + trace_vnc_msg_client_ext_key_event(vs, vs->ioc, + read_u16(data, 2), + read_u32(data, 4), + read_u32(data, 8)); ext_key_event(vs, read_u16(data, 2), read_u32(data, 4), read_u32(data, 8)); break; --=20 2.50.1 From nobody Sat Nov 15 08:50:45 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1753094833; cv=none; d=zohomail.com; s=zohoarc; b=G+sRFeK0Fkcn8XkOHlI00SMlwq2NcWcryfyPjtCTNgjoudFgR69mqg0OqaueNjPl9sPFuIGezMrhH5KXi1GG3lHfWIdOViDIEacHLwGmvRdBm+bOOGpKKq1ouUIH9lKuDovjSVxf2ty8wHulBaEWn4nklwy0U4RM21KYVasK0Os= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753094833; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ZZNXoUpZojGw4Up14HZf3MJGyeAwQkISGu6kItKqgXk=; b=FYZwUEY083kKUozfJBxXvKX3IvnOaOKAuT46YD7+XIXGM+h6/VsX+KUPLXW/K1m00rB2FGxehS+NjdF+QZPria6FwM4f6cauKU+I/n1vrh7fqzGRgFmF4O7UzcxsirIAShGWdmyBIoyLpI+9PZkDOKKL0oVMkgMOkPVVz1r65Sw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1753094833331880.9995425728682; Mon, 21 Jul 2025 03:47:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1udo2A-0005Xf-71; Mon, 21 Jul 2025 06:46:16 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1o-0005Iv-8Z for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:56 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1m-0001ee-4q for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:51 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-269-9xJajp5AP5e7V7YM_9fgog-1; Mon, 21 Jul 2025 06:45:45 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5797519560B5; Mon, 21 Jul 2025 10:45:44 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.213]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 13E651956094; Mon, 21 Jul 2025 10:45:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753094748; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZZNXoUpZojGw4Up14HZf3MJGyeAwQkISGu6kItKqgXk=; b=JyvJgJRes+heXDOToOVRM9AzDSYHvxskHK/QbpgzpN/fotd6kmCQ06PoBP3DA8GMOfw5g8 vL9mbwEOQfYicpEhhrdP5rXwyghJvLGELZr2EGU/GnVm5kkzLfd+u8ihRSQaw7GK/VkBjd HN84Vx/a9Ur7i/3sZMdIKFDGM+Rjwso= X-MC-Unique: 9xJajp5AP5e7V7YM_9fgog-1 X-Mimecast-MFC-AGG-ID: 9xJajp5AP5e7V7YM_9fgog_1753094744 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Peter Maydell Subject: [PULL v2 3/4] crypto/x509-utils: Check for error from gnutls_x509_crt_init() Date: Mon, 21 Jul 2025 11:45:35 +0100 Message-ID: <20250721104536.2856423-4-berrange@redhat.com> In-Reply-To: <20250721104536.2856423-1-berrange@redhat.com> References: <20250721104536.2856423-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -29 X-Spam_score: -3.0 X-Spam_bar: --- X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.926, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1753094834849116600 From: Peter Maydell Coverity notes that in qcrypto_get_x509_cert_fingerprint() we call gnutls_x509_crt_init() but don't check for an error return. Add the missing check. Coverity: CID 1593155 Fixes: 10a1d34fc0d ("crypto: Introduce x509 utils") Signed-off-by: Peter Maydell Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/x509-utils.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/crypto/x509-utils.c b/crypto/x509-utils.c index 8bad00a51b..39bb6d4d8c 100644 --- a/crypto/x509-utils.c +++ b/crypto/x509-utils.c @@ -46,7 +46,11 @@ int qcrypto_get_x509_cert_fingerprint(uint8_t *cert, siz= e_t size, return -1; } =20 - gnutls_x509_crt_init(&crt); + if (gnutls_x509_crt_init(&crt) < 0) { + error_setg(errp, "Unable to initialize certificate: %s", + gnutls_strerror(ret)); + return -1; + } =20 if (gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM) !=3D 0) { error_setg(errp, "Failed to import certificate"); --=20 2.50.1 From nobody Sat Nov 15 08:50:45 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1753094881; cv=none; d=zohomail.com; s=zohoarc; b=FLDJac7uWYBLgn/+NJ3WYlqntKf7rq/TIYLXEBFYwQAsSrGV7/UHsgwhwc7ON812Xsvy0yr6LOxIWk+IeBI4vdqSGwbBF+iCN0jvfTMaOJFlnqENkRV2KrSgiLT8lPeY/3TixwQQDLUJTO7UzFnJbpV0z3rYx9N7FdwIKN6ULRk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1753094881; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=hR5FcqGKar0sSorkgUJRMQcBi1bKI8mVPIX2gZMVqk0=; b=TOV3E6290icKygENnmeRGKJYpmtKSwou8Heq4jim57CAY7w5yhC1VaAUcR3n6FenZ9pHQ7rIiYZKDv1I4GyX7xMgcF9JTK1Ge7jkLOUDBKC5p4Kgtmb5LGMek7kKyQeITsCIeD2ay6GVgFMMJkYuBO3ua2NDDQVavNql4+8yPUE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175309488169084.4868761794703; Mon, 21 Jul 2025 03:48:01 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1udo3i-0006am-FS; Mon, 21 Jul 2025 06:47:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1q-0005KE-VG for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:56 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1udo1o-0001eu-SR for qemu-devel@nongnu.org; Mon, 21 Jul 2025 06:45:54 -0400 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-567-W4tfiXQlM2G2zhcsbhw1mw-1; Mon, 21 Jul 2025 06:45:47 -0400 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 402FB1956088; Mon, 21 Jul 2025 10:45:46 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.213]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id C8C3019560A1; Mon, 21 Jul 2025 10:45:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1753094750; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hR5FcqGKar0sSorkgUJRMQcBi1bKI8mVPIX2gZMVqk0=; b=UXmLXvkPhpdACf4XSoNGDZ96BY7PS4dzIwKwnhkXM1xjbB3bcQtoh4cj8EDAeEXVSE7a9S GbvDAxdzIiCYz4zgXlykUUwtnPMgHWQOWgcN95DticnvEFEQ2P4yhtLfvqU88tzZ16Vrq0 7MT0dVFuiRaf/l/ttkHhF4s31E+KR8w= X-MC-Unique: W4tfiXQlM2G2zhcsbhw1mw-1 X-Mimecast-MFC-AGG-ID: W4tfiXQlM2G2zhcsbhw1mw_1753094746 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Henry Kleynhans Subject: [PULL v2 4/4] crypto: load all certificates in X509 CA file Date: Mon, 21 Jul 2025 11:45:36 +0100 Message-ID: <20250721104536.2856423-5-berrange@redhat.com> In-Reply-To: <20250721104536.2856423-1-berrange@redhat.com> References: <20250721104536.2856423-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -29 X-Spam_score: -3.0 X-Spam_bar: --- X-Spam_report: (-3.0 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.926, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1753094883327116600 From: Henry Kleynhans Some CA files may contain multiple intermediaries and roots of trust. These may not fit into the hard-coded limit of 16. Extend the validation code to allocate enough space to load all of the certificates present in the CA file and ensure they are cleaned up. Reviewed-by: Daniel P. Berrang=C3=A9 Signed-off-by: Henry Kleynhans [DB: drop MAX_CERTS constant & whitespace tweaks] Signed-off-by: Daniel P. Berrang=C3=A9 --- crypto/tlscredsx509.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/crypto/tlscredsx509.c b/crypto/tlscredsx509.c index 63a72fe47c..cd1f504471 100644 --- a/crypto/tlscredsx509.c +++ b/crypto/tlscredsx509.c @@ -426,9 +426,8 @@ qcrypto_tls_creds_load_cert(QCryptoTLSCredsX509 *creds, static int qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX509 *creds, const char *certFile, - gnutls_x509_crt_t *certs, - unsigned int certMax, - size_t *ncerts, + gnutls_x509_crt_t **certs, + unsigned int *ncerts, Error **errp) { gnutls_datum_t data; @@ -449,20 +448,18 @@ qcrypto_tls_creds_load_ca_cert_list(QCryptoTLSCredsX5= 09 *creds, data.data =3D (unsigned char *)buf; data.size =3D strlen(buf); =20 - if (gnutls_x509_crt_list_import(certs, &certMax, &data, - GNUTLS_X509_FMT_PEM, 0) < 0) { + if (gnutls_x509_crt_list_import2(certs, ncerts, &data, + GNUTLS_X509_FMT_PEM, 0) < 0) { error_setg(errp, "Unable to import CA certificate list %s", certFile); return -1; } - *ncerts =3D certMax; =20 return 0; } =20 =20 -#define MAX_CERTS 16 static int qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509 *creds, bool isServer, @@ -471,12 +468,11 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX5= 09 *creds, Error **errp) { gnutls_x509_crt_t cert =3D NULL; - gnutls_x509_crt_t cacerts[MAX_CERTS]; - size_t ncacerts =3D 0; + gnutls_x509_crt_t *cacerts =3D NULL; + unsigned int ncacerts =3D 0; size_t i; int ret =3D -1; =20 - memset(cacerts, 0, sizeof(cacerts)); if (certFile && access(certFile, R_OK) =3D=3D 0) { cert =3D qcrypto_tls_creds_load_cert(creds, @@ -488,8 +484,9 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, } if (access(cacertFile, R_OK) =3D=3D 0) { if (qcrypto_tls_creds_load_ca_cert_list(creds, - cacertFile, cacerts, - MAX_CERTS, &ncacerts, + cacertFile, + &cacerts, + &ncacerts, errp) < 0) { goto cleanup; } @@ -526,6 +523,8 @@ qcrypto_tls_creds_x509_sanity_check(QCryptoTLSCredsX509= *creds, for (i =3D 0; i < ncacerts; i++) { gnutls_x509_crt_deinit(cacerts[i]); } + g_free(cacerts); + return ret; } =20 --=20 2.50.1