> From: "Frediano Ziglio" <fziglio@xxxxxxxxxx>
>
> Do not just give warning and continue to use an invalid index into
> an array.
>
Nack!
One issue is that on create surface do not work correctly.
Frediano
> Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx>
> ---
> server/red_worker.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/server/red_worker.c b/server/red_worker.c
> index e70c008..cd7fea4 100644
> --- a/server/red_worker.c
> +++ b/server/red_worker.c
> @@ -1303,7 +1303,10 @@ static int validate_drawable_bbox(RedWorker *worker,
> RedDrawable *drawable)
>
> static inline int validate_surface(RedWorker *worker, uint32_t surface_id)
> {
> - spice_warn_if(surface_id >= worker->n_surfaces);
> + if SPICE_UNLIKELY(surface_id >= worker->n_surfaces) {
> + spice_warning("invalid surface_id %u", surface_id);
> + return 0;
> + }
> if (!worker->surfaces[surface_id].context.canvas) {
> spice_warning("canvas address is %p for %d (and is NULL)\n",
> &(worker->surfaces[surface_id].context.canvas),
> surface_id);
> @@ -4277,7 +4280,12 @@ static inline void red_process_surface(RedWorker
> *worker, RedSurfaceCmd *surface
> uint8_t *data;
>
> surface_id = surface->surface_id;
> - __validate_surface(worker, surface_id);
> + if SPICE_UNLIKELY(!validate_surface(worker, surface_id)) {
> + rendering_incorrect(__func__);
> + red_put_surface_cmd(surface);
> + free(surface);
> + return;
> + }
>
> red_surface = &worker->surfaces[surface_id];
>
> --
> 2.4.3
>
>
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel