[Spice-commits] xddm/display

Yonit Halperin yhalperi at kemper.freedesktop.org
Mon Jun 24 14:00:31 PDT 2013 

 xddm/display/res.c |   12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

New commits:
commit 0a2458574d3c22314ff58758ad98c820374de370
Author: Yonit Halperin <yhalperi at redhat.com>
Date:   Fri Jun 21 08:37:58 2013 -0400

    display: handle correctly bitmaps with line-size > 64K
    
    rhbz#966835
    
    We do not support copying such bitmaps. But instead of failing
    operations that involve such bitmaps we either BSODed (in checked
    builds), or proceeded with the bitmap copying (in free builds) - this lead to an infinite
    loop allocating QXLDataChunks without any data, just header.

diff --git a/xddm/display/res.c b/xddm/display/res.c
index e494271..6f04475 100644
--- a/xddm/display/res.c
+++ b/xddm/display/res.c
@@ -1871,7 +1871,11 @@ static _inline Resource *GetBitmapImage(PDev *pdev, SURFOBJ *surf, XLATEOBJ *col
     DEBUG_PRINT((pdev, 12, "%s\n", __FUNCTION__));
     ASSERT(pdev, width > 0 && height > 0);
 
-    ASSERT(pdev, BITS_BUF_MAX > line_size);
+    if (line_size >= BITS_BUF_MAX) {
+        DEBUG_PRINT((pdev, 0, "%s: line size (%u) exceeds max (%u)\n", __FUNCTION__,
+                     line_size, BITS_BUF_MAX));
+        return NULL;
+    }
     alloc_size = BITMAP_ALLOC_BASE + BITS_BUF_MAX - BITS_BUF_MAX % line_size;
     alloc_size = MIN(BITMAP_ALLOC_BASE + height * line_size, alloc_size);
     image_res = AllocMem(pdev, MSPACE_TYPE_DEVRAM, alloc_size);
@@ -2305,6 +2309,9 @@ BOOL QXLGetBitmap(PDev *pdev, QXLDrawable *drawable, QXLPHYSICAL *image_phys, SU
                                    src, line_size, key))) {
         image_res = GetBitmapImage(pdev, surf, color_trans, !!cache_image, width, height, format,
                                    src, line_size, key);
+        if (!image_res) {
+            return FALSE;
+        }
     }
     internal = (InternalImage *)image_res->res;
     if (high_bits_set) {
@@ -2435,6 +2442,9 @@ BOOL QXLGetAlphaBitmap(PDev *pdev, QXLDrawable *drawable, QXLPHYSICAL *image_phy
                                    SPICE_BITMAP_FMT_RGBA, src, width << 2, key))) {
         image_res = GetBitmapImage(pdev, surf, NULL, !!cache_image, width, height,
                                    SPICE_BITMAP_FMT_RGBA, src, width << 2, key);
+        if (!image_res) {
+            return FALSE;
+        }
     }
     internal = (InternalImage *)image_res->res;
     if ((internal->cache = cache_image)) {

More information about the Spice-commits mailing list