[linux-agent v2 2/4] x11-randr: Improve argument check

From: Victor Toso <me@xxxxxxxxxxxxxx>

In the current code, output should never be negative but the check
exists after we use the variable as index. Make the check earlier.

Found by coverity:
  | check_after_sink: You might be using variable "output" before
  | verifying that it is >= 0.

Changes in v2:
- Move overflow check before accessing the arrays (Frediano)

Signed-off-by: Victor Toso <victortoso@xxxxxxxxxx>
---
 src/vdagent/x11-randr.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/vdagent/x11-randr.c b/src/vdagent/x11-randr.c
index c8e42c9..a144d7d 100644
--- a/src/vdagent/x11-randr.c
+++ b/src/vdagent/x11-randr.c
@@ -347,12 +347,18 @@ static int xrandr_add_and_set(struct vdagent_x11 *x11, int output, int x, int y,
     int xid;
     Status s;
     RROutput outputs[1];
-    int old_width  = x11->randr.monitor_sizes[output].width;
-    int old_height = x11->randr.monitor_sizes[output].height;
+    int old_width;
+    int old_height;
 
-    if (!x11->randr.res || output >= x11->randr.res->noutput || output < 0) {
-        syslog(LOG_ERR, "%s: program error: missing RANDR or bad output",
-               __FUNCTION__);
+    if (output < 0 || output >= x11->randr.res->noutput) {
+        syslog(LOG_ERR, "%s: program error: bad output", __FUNCTION__);
+        return 0;
+    }
+
+    old_width  = x11->randr.monitor_sizes[output].width;
+    old_height = x11->randr.monitor_sizes[output].height;
+    if (!x11->randr.res) {
+        syslog(LOG_ERR, "%s: program error: missing RANDR", __FUNCTION__);
         return 0;
     }
     if (x11->set_crtc_config_not_functional) {
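Review bot: The new first condition, `output >= x11->randr.res->noutput`, dereferences x11->randr.res before the later `if (!x11->randr.res)` test runs, so the NULL check is now itself a check-after-use, the same pattern Coverity reported for output. In the removed code the `!x11->randr.res` term came first in the `||` chain and short-circuited that dereference. Suggest testing `!x11->randr.res` first and returning 0, then doing the range check on output, and only then reading monitor_sizes[output]; the two separate log messages can be kept that way. A smaller point on the same lines: the index is bounded by res->noutput while the array being indexed is monitor_sizes, so a short comment stating that monitor_sizes holds at least noutput entries (or a check against its own size) would make the bound verifiable from within this function.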
-- 
2.19.2

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel



