qxl-render: add more sanity checks
Damn, the dirty rectangle values are signed integers. So the checks
added by commit 788fbf042f
are not good
enough, we also have to make sure they are not negative.
[ Note: There must be something broken in spice-server so we get
negative values in the first place. Bug opened:
https://bugzilla.redhat.com/show_bug.cgi?id=1135372 ]
Cc: qemu-stable@nongnu.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
This commit is contained in:
parent
8b3030114a
commit
503b3b33fe
@ -138,7 +138,9 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
|
||||
if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
|
||||
break;
|
||||
}
|
||||
if (qxl->dirty[i].left > qxl->dirty[i].right ||
|
||||
if (qxl->dirty[i].left < 0 ||
|
||||
qxl->dirty[i].top < 0 ||
|
||||
qxl->dirty[i].left > qxl->dirty[i].right ||
|
||||
qxl->dirty[i].top > qxl->dirty[i].bottom ||
|
||||
qxl->dirty[i].right > qxl->guest_primary.surface.width ||
|
||||
qxl->dirty[i].bottom > qxl->guest_primary.surface.height) {
|
||||
|
Loading…
Reference in New Issue
Block a user