Re: [PATCH xf86-video-qxl] When uploading a region, do not go outside the source image size.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 12, 2014 at 02:25:14PM -0500, Jeremy White wrote:
> This problem was exposed (and probably only occurs) when using XSpice
> in dfps mode with spice-html5, and resizing from larger to smaller.
> The screen would be resized, but the update region would still attempt
> to transmit any pending changes to the (now) truncated surface.  This
> would often lead to a crash.
> 
> Signed-off-by: Jeremy White <jwhite@xxxxxxxxxxxxxxx>
> ---
>  src/qxl_image.c   |    2 ++
>  src/qxl_surface.c |    9 ++++++---
>  2 files changed, 8 insertions(+), 3 deletions(-)
> 
> diff --git a/src/qxl_image.c b/src/qxl_image.c
> index 8927fd4..53212de 100644
> --- a/src/qxl_image.c
> +++ b/src/qxl_image.c
> @@ -62,6 +62,8 @@ hash_and_copy (const uint8_t *src, int src_stride,
>  	const uint8_t *src_line = src + i * src_stride;
>  	uint8_t *dest_line = dest + i * dest_stride;
>  	int n_bytes = width * bytes_per_pixel;
> +        if (n_bytes > src_stride)
> +            n_bytes = src_stride;

This file uses tabs. It seems there's a check to adjust the height in
qxl_image_create() before calling into hash_and_copy? 'width' in
qxl_image_create() is used a few times more in this function, I don't
know if it's an issue that it's too big?

Christophe

>  
>  	if (dest)
>  	    memcpy (dest_line, src_line, n_bytes);
> diff --git a/src/qxl_surface.c b/src/qxl_surface.c
> index 1075eae..72a7f88 100644
> --- a/src/qxl_surface.c
> +++ b/src/qxl_surface.c
> @@ -290,10 +290,13 @@ upload_one_primary_region(qxl_screen_t *qxl, PixmapPtr pixmap, BoxPtr b)
>      int stride;
>      int bpp;
>  
> +    if (b->x1 >= qxl->virtual_x || b->y1 >= qxl->virtual_y)
> +        return;
> +
>      rect.left = b->x1;
> -    rect.right = b->x2;
> +    rect.right = min(b->x2, qxl->virtual_x);
>      rect.top = b->y1;
> -    rect.bottom = b->y2;
> +    rect.bottom = min(b->y2, qxl->virtual_y);
>  
>      drawable_bo = make_drawable (qxl, qxl->primary, QXL_DRAW_COPY, &rect);
>      drawable = qxl->bo_funcs->bo_map(drawable_bo);
> @@ -309,7 +312,7 @@ upload_one_primary_region(qxl_screen_t *qxl, PixmapPtr pixmap, BoxPtr b)
>  
>      fbGetPixmapBitsData(pixmap, data, stride, bpp);
>      image_bo = qxl_image_create (
> -	qxl, (const uint8_t *)data, b->x1, b->y1, b->x2 - b->x1, b->y2 - b->y1, stride * sizeof(*data),
> +	qxl, (const uint8_t *)data, rect.left, rect.top, rect.right - rect.left, rect.bottom - rect.top, stride * sizeof(*data),
>  	bpp == 24 ? 4 : bpp / 8, TRUE);
>      qxl->bo_funcs->bo_output_bo_reloc(qxl, offsetof(QXLDrawable, u.copy.src_bitmap),
>  				   drawable_bo, image_bo);
> -- 
> 1.7.10.4
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

Attachment: pgp5zUPpGG39t.pgp
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]