[Spice-devel] [PATCH 3/5] server: Use the right image size for self_bitmap

[alexl at redhat.com]

From: Alexander Larsson <alexl at redhat.com>

The self_bitmap is the size of self_bitmap_area, not the bbox.
This is especially important since we later copy the self_bitmap_area
into the new bitmap, and if that is larger than bbox then we will
overwrite random memory.
---
 server/red_worker.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index ef1c998..5a2477a 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -3271,8 +3271,8 @@ static inline int red_handle_self_bitmap(RedWorker *worker, Drawable *drawable)
 
     bpp = SPICE_SURFACE_FMT_DEPTH(surface->context.format) / 8;
 
-    width = drawable->red_drawable->bbox.right - drawable->red_drawable->bbox.left;
-    height = drawable->red_drawable->bbox.bottom - drawable->red_drawable->bbox.top;
+    width = drawable->red_drawable->self_bitmap_area.right - drawable->red_drawable->self_bitmap_area.left;
+    height = drawable->red_drawable->self_bitmap_area.bottom - drawable->red_drawable->self_bitmap_area.top;
     dest_stride = SPICE_ALIGN(width * bpp, 4);
 
     image = spice_new0(SpiceImage, 1);
-- 
1.7.2.2