The attributes in this case are not used to apply the mask. Doing so avoid sending garbage from the guest which usually don't initialise the memory in case the mask is missing. Guest should have cleared these bytes by its own however doing so on the server fixes the problem too. Considering that these command should not appears in newer OSes it's surely not a hot path code. These garbage came from video memory of the guest so they don't contain sensitive data. This fixes https://gitlab.freedesktop.org/spice/spice-server/issues/25. Signed-off-by: Frediano Ziglio <fziglio@xxxxxxxxxx> --- server/red-parse-qxl.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c index afae94316..a4ac6a473 100644 --- a/server/red-parse-qxl.c +++ b/server/red-parse-qxl.c @@ -626,9 +626,15 @@ static void red_put_brush(SpiceBrush *red) static void red_get_qmask_ptr(RedMemSlotInfo *slots, int group_id, SpiceQMask *red, QXLQMask *qxl, uint32_t flags) { - red->flags = qxl->flags; - red_get_point_ptr(&red->pos, &qxl->pos); red->bitmap = red_get_image(slots, group_id, qxl->bitmap, flags, true); + if (red->bitmap) { + red->flags = qxl->flags; + red_get_point_ptr(&red->pos, &qxl->pos); + } else { + red->flags = 0; + red->pos.x = 0; + red->pos.y = 0; + } } static void red_put_qmask(SpiceQMask *red) -- 2.20.1 _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel