Hi,

On 07/22/2012 01:04 PM, Alon Levy wrote:
prevents division by zero later (SIGFPE, Arithmetic exception) in spice-common code, at spice-common/common/canvas_base.c:646 for both client and server (server only upon rendering). --- server/red_parse_qxl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c index daae897..00cc534 100644 --- a/server/red_parse_qxl.c +++ b/server/red_parse_qxl.c @@ -371,6 +371,10 @@ static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id, red->u.bitmap.format); return NULL; } + if (qxl->bitmap.x == 0 || qxl->bitmap.y == 0) { + spice_warning("guest error: zero area bitmap\n"); + return NULL; + } qxl_flags = qxl->bitmap.flags; if (qxl_flags& QXL_BITMAP_TOP_DOWN) { red->u.bitmap.flags = SPICE_BITMAP_FLAGS_TOP_DOWN;
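Review bot: the new early `return NULL` in the zero-area check comes after `red` is already in use (the preceding context line reads `red->u.bitmap.format`), so returning here without releasing `red` leaks it, and the existing `return NULL` just above has the same problem. Free `red` before returning, or route both exits through a shared cleanup label. Separately, the test reads `qxl->bitmap.x` and `qxl->bitmap.y` from guest memory; if those fields are read again further down to fill `red->u.bitmap`, validate the copied values instead so the guest cannot change them after the check.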
Looks like this routine suffers from a leak of SpiceImage; see "red = spice_new0(SpiceImage, 1);"
goto some cleanup section before returning NULL.

Cheers,
Yonit.