> > On Mon, 2016-09-19 at 09:30 +0100, Frediano Ziglio wrote:
> > Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> > > --- > > server/display-channel.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/server/display-channel.c b/server/display-channel.c > > index 108e69b..3290565 100644 > > --- a/server/display-channel.c > > +++ b/server/display-channel.c > > @@ -1968,6 +1968,7 @@ void > > display_channel_process_surface_cmd(DisplayChannel *display, > > RedSurfaceCmd > > } > > data = surface->u.surface_create.data; > > if (stride < 0) { > > + /* no worry for overflow here, command is already > > validated */ > > data -= (int32_t)(stride * (height - 1)); > > } > > display_channel_create_surface(display, surface_id, surface- > > >u.surface_create.width, > >
> Hmm, it doesn't look like the command has been validated in *this*
> function.

That's why adding a comment helps. But it would probably help even more to detail where it is checked.

Frediano
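
Review bot: The added comment above `data -= (int32_t)(stride * (height - 1));` says the command is already validated but does not say where, and nothing in the visible context of display_channel_process_surface_cmd checks stride or height before the multiplication. Name the function that performs the validation in the comment, and state which bound it guarantees (that stride * (height - 1) fits in int32_t), so a reader can confirm the invariant and notice if that check is later moved or relaxed. An assertion on that bound next to the arithmetic would make the assumption enforced rather than only documented.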