[gtk-vnc] Fix size check on available write buffer space



commit 10ce6d8f96e650d0b946622db22baac2fcfaadfb
Author: Daniel P. Berrange <berrange redhat com>
Date:   Fri Dec 7 15:38:55 2012 +0000

    Fix size check on available write buffer space
    
    The vnc_connection_write() function did not consider the current
    write offset when calculating how much space was available in
    the write buffer. This could lead to an array overrun.

 src/vncconnection.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
---
diff --git a/src/vncconnection.c b/src/vncconnection.c
index ef55cb2..3cac1dc 100644
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -989,7 +989,8 @@ static void vnc_connection_write(VncConnection *conn, const void *data, size_t l
             vnc_connection_flush(conn);
         }
 
-        tmp = MIN(sizeof(priv->write_buffer), len - offset);
+        tmp = MIN(sizeof(priv->write_buffer) - priv->write_offset,
+                  len - offset);
 
         memcpy(priv->write_buffer+priv->write_offset, ptr + offset, tmp);
 

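Review bot: The new bound `sizeof(priv->write_buffer) - priv->write_offset` in the `MIN()` is an unsigned subtraction, so it is only correct while `priv->write_offset` never exceeds the buffer size; if it ever did, the result would wrap to a very large value and the `memcpy` on the following line would overrun the buffer again. The condition guarding the `vnc_connection_flush(conn)` call above is not visible in this hunk, so please confirm that it triggers once the buffer is exactly full, since otherwise `tmp` becomes 0 here and no data is copied on that pass. Consider stating the invariant explicitly before the computation, for example `g_assert(priv->write_offset <= sizeof(priv->write_buffer));`, or with a short comment, so the dependency on the flush is documented at the point where it matters.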

