[Spice-devel] server/red_parse_qxl: disallow zero area bitmaps

Submitted by Alon Levy on July 20, 2012, 4:41 p.m.

Details

Message ID 1342802461-30492-1-git-send-email-alevy@redhat.com
State New
Headers show

Not browsing as part of any series.

Commit Message

Alon Levy July 20, 2012, 4:41 p.m.
prevents division by zero later (SIGFPE, Arithmetic exception) in
spice-common code, at spice-common/common/canvas_base.c:646
for both client and server (server only upon rendering).
---
 server/red_parse_qxl.c |    4 ++++
 1 file changed, 4 insertions(+)

Patch hide | download patch | download mbox

diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
index daae897..7de21e4 100644
--- a/server/red_parse_qxl.c
+++ b/server/red_parse_qxl.c
@@ -371,6 +371,10 @@  static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id,
                           red->u.bitmap.format);
             return NULL;
         }
+        if (qxl->bitmap.x == 0 && qxl->bitmap.y == 0) {
+            spice_warning("guest error: zero area bitmap\n");
+            return NULL;
+        }
         qxl_flags = qxl->bitmap.flags;
         if (qxl_flags & QXL_BITMAP_TOP_DOWN) {
             red->u.bitmap.flags = SPICE_BITMAP_FLAGS_TOP_DOWN;

Comments

On Fri, Jul 20, 2012 at 07:41:01PM +0300, Alon Levy wrote:
> prevents division by zero later (SIGFPE, Arithmetic exception) in
> spice-common code, at spice-common/common/canvas_base.c:646
> for both client and server (server only upon rendering).
> ---
>  server/red_parse_qxl.c |    4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
> index daae897..7de21e4 100644
> --- a/server/red_parse_qxl.c
> +++ b/server/red_parse_qxl.c
> @@ -371,6 +371,10 @@ static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id,
>                            red->u.bitmap.format);
>              return NULL;
>          }
> +        if (qxl->bitmap.x == 0 && qxl->bitmap.y == 0) {

This should of course be ||

> +            spice_warning("guest error: zero area bitmap\n");
> +            return NULL;
> +        }
>          qxl_flags = qxl->bitmap.flags;
>          if (qxl_flags & QXL_BITMAP_TOP_DOWN) {
>              red->u.bitmap.flags = SPICE_BITMAP_FLAGS_TOP_DOWN;
> -- 
> 1.7.10.1
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel