[Spice-devel] [PATCH] Validate correctly surfaces

[Frediano Ziglio]

Do not just give warning and continue to use an invalid index into
an array.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/red_worker.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/server/red_worker.c b/server/red_worker.c
index e70c008..cd7fea4 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -1303,7 +1303,10 @@ static int validate_drawable_bbox(RedWorker *worker, RedDrawable *drawable)
 
 static inline int validate_surface(RedWorker *worker, uint32_t surface_id)
 {
-    spice_warn_if(surface_id >= worker->n_surfaces);
+    if SPICE_UNLIKELY(surface_id >= worker->n_surfaces) {
+        spice_warning("invalid surface_id %u", surface_id);
+        return 0;
+    }
     if (!worker->surfaces[surface_id].context.canvas) {
         spice_warning("canvas address is %p for %d (and is NULL)\n",
                    &(worker->surfaces[surface_id].context.canvas), surface_id);
@@ -4277,7 +4280,12 @@ static inline void red_process_surface(RedWorker *worker, RedSurfaceCmd *surface
     uint8_t *data;
 
     surface_id = surface->surface_id;
-    __validate_surface(worker, surface_id);
+    if SPICE_UNLIKELY(!validate_surface(worker, surface_id)) {
+        rendering_incorrect(__func__);
+        red_put_surface_cmd(surface);
+        free(surface);
+        return;
+    }
 
     red_surface = &worker->surfaces[surface_id];
 
-- 
2.4.3