This patch prevents possible memory leak.
Found by coverity.
Signed-off-by: Uri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
The QXLMessage has no size so potentially a guest could give an
address that cause the string to overflow out of the video memory.
The current solution is to parse the message, release the resources
associated without printing the message from the client.
This also considering that the QXLMessage usage was deprecated
a while ago (I don't know exactly when).
This patches limit the string to 100000 characters (guest can feed
so much logs in other way) and limit to video memory.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
SpiceBlend and SpiceCopy are just different names for the same
structure.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Make possible to reuse it outside red-parse-qxl.c.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
The segment_size computation on 32 bit can lead to big numbers which
can lead to negative offset. Let'ss avoid to underrun the buffer,
as it's not checked.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
Use 64 bit arithmetic to avoid overflows.
The multiplication between count and a constant can overflow.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
The source area should not extend outside the source bitmap, or have
swapped coordinates.
Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
The include directory is specified with the -I which is the directory
used directly by #include<>.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
The structure is strictly used by the parser only, no reason to make it
public.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
Storing a QXLReleaseInfoExt rather than a QXLReleaseInfo in RedDrawable
gives us a place to store group_id for free. Since we are building a
QXLReleaseInfoExt from QXLReleaseInfo and group_id when destroying a
RedDrawable instance, this is a move in the right direction.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Instead of returning 0 which could be a valid value returns an invalid
one and check on the caller.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
