pxcloud/spice
5
0
Fork 0
mirror of https://gitlab.uni-freiburg.de/opensourcevdi/spice synced 2025-12-28 08:01:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

red-parse-qxl: Check consistency of QXL_DRAW_COPY operations

Browse Source 
The source area should not extend outside the source bitmap, or have
swapped coordinates.

Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This commit is contained in:
Francois Gouget 2016-06-01 10:51:55 +01:00 committed by Frediano Ziglio
parent 3037b078f5
commit ff1a381f60
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
server/red-parse-qxl.c
View File

@ -682,6 +682,20 @@ static int red_get_copy_ptr(RedMemSlotInfo *slots, int group_id,
return 1;
}
red_get_rect_ptr(&red->src_area, &qxl->src_area);
/* The source area should not extend outside the source bitmap or have
* swapped coordinates.
*/
if (red->src_area.left < 0 ||
red->src_area.left > red->src_area.right ||
red->src_area.top < 0 ||
red->src_area.top > red->src_area.bottom) {
return 1;
}
if (red->src_bitmap->descriptor.type == SPICE_IMAGE_TYPE_BITMAP &&
(red->src_area.right > red->src_bitmap->u.bitmap.x ||
red->src_area.bottom > red->src_bitmap->u.bitmap.y)) {
return 1;
}
red->rop_descriptor = qxl->rop_descriptor;
red->scale_mode = qxl->scale_mode;
red_get_qmask_ptr(slots, group_id, &red->mask, &qxl->mask, flags);