From: Victor Toso <me@xxxxxxxxxxxxxx> In the current code, output should never be negative but the check exists after we use the variable as index. Make the check earlier. Found by coverity: | check_after_sink: You might be using variable "output" before | verifying that it is >= 0. Changes in v2: - Move overflow check before accessing the arrays (Frediano) Signed-off-by: Victor Toso <victortoso@xxxxxxxxxx> --- src/vdagent/x11-randr.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/vdagent/x11-randr.c b/src/vdagent/x11-randr.c index c8e42c9..a144d7d 100644 --- a/src/vdagent/x11-randr.c +++ b/src/vdagent/x11-randr.c @@ -347,12 +347,18 @@ static int xrandr_add_and_set(struct vdagent_x11 *x11, int output, int x, int y, int xid; Status s; RROutput outputs[1]; - int old_width = x11->randr.monitor_sizes[output].width; - int old_height = x11->randr.monitor_sizes[output].height; + int old_width; + int old_height; - if (!x11->randr.res || output >= x11->randr.res->noutput || output < 0) { - syslog(LOG_ERR, "%s: program error: missing RANDR or bad output", - __FUNCTION__); + if (output < 0 || output >= x11->randr.res->noutput) { + syslog(LOG_ERR, "%s: program error: bad output", __FUNCTION__); + return 0; + } + + old_width = x11->randr.monitor_sizes[output].width; + old_height = x11->randr.monitor_sizes[output].height; + if (!x11->randr.res) { + syslog(LOG_ERR, "%s: program error: missing RANDR", __FUNCTION__); return 0; } if (x11->set_crtc_config_not_functional) { -- 2.19.2 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel