From: Victor Toso <me@xxxxxxxxxxxxxx>
In the current code, output should never be negative but the check
exists after we use the variable as index. Make the check earlier.
Found by coverity:
| check_after_sink: You might be using variable "output" before
| verifying that it is >= 0.
Changes in v2:
- Move overflow check before accessing the arrays (Frediano)
Signed-off-by: Victor Toso <victortoso@xxxxxxxxxx>
---
src/vdagent/x11-randr.c | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/vdagent/x11-randr.c b/src/vdagent/x11-randr.c
index c8e42c9..a144d7d 100644
--- a/src/vdagent/x11-randr.c
+++ b/src/vdagent/x11-randr.c
@@ -347,12 +347,18 @@ static int xrandr_add_and_set(struct vdagent_x11 *x11, int output, int x, int y,
int xid;
Status s;
RROutput outputs[1];
- int old_width = x11->randr.monitor_sizes[output].width;
- int old_height = x11->randr.monitor_sizes[output].height;
+ int old_width;
+ int old_height;
- if (!x11->randr.res || output >= x11->randr.res->noutput || output < 0) {
- syslog(LOG_ERR, "%s: program error: missing RANDR or bad output",
- __FUNCTION__);
+ if (output < 0 || output >= x11->randr.res->noutput) {
+ syslog(LOG_ERR, "%s: program error: bad output", __FUNCTION__);
+ return 0;
+ }
+
+ old_width = x11->randr.monitor_sizes[output].width;
+ old_height = x11->randr.monitor_sizes[output].height;
+ if (!x11->randr.res) {
+ syslog(LOG_ERR, "%s: program error: missing RANDR", __FUNCTION__);
return 0;
}
if (x11->set_crtc_config_not_functional) {
--
2.19.2
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel