Do not just give warning and continue to use an invalid index into
an array.
Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
---
server/red_worker.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/server/red_worker.c b/server/red_worker.c
index e70c008..cd7fea4 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -1303,7 +1303,10 @@ static int validate_drawable_bbox(RedWorker *worker, RedDrawable *drawable)
static inline int validate_surface(RedWorker *worker, uint32_t surface_id)
{
- spice_warn_if(surface_id >= worker->n_surfaces);
+ if SPICE_UNLIKELY(surface_id >= worker->n_surfaces) {
+ spice_warning("invalid surface_id %u", surface_id);
+ return 0;
+ }
if (!worker->surfaces[surface_id].context.canvas) {
spice_warning("canvas address is %p for %d (and is NULL)\n",
&(worker->surfaces[surface_id].context.canvas), surface_id);
@@ -4277,7 +4280,12 @@ static inline void red_process_surface(RedWorker *worker, RedSurfaceCmd *surface
uint8_t *data;
surface_id = surface->surface_id;
- __validate_surface(worker, surface_id);
+ if SPICE_UNLIKELY(!validate_surface(worker, surface_id)) {
+ rendering_incorrect(__func__);
+ red_put_surface_cmd(surface);
+ free(surface);
+ return;
+ }
red_surface = &worker->surfaces[surface_id];
--
2.4.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel