[Spice-devel] [SPICE-GTK PATCH] channel-display: add more protection against bad access to streams

Thu Dec 6 04:26:19 PST 2012

---
 gtk/channel-display.c |   16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/gtk/channel-display.c b/gtk/channel-display.c
index 77959b9..d07b65c 100644
--- a/gtk/channel-display.c
+++ b/gtk/channel-display.c
@@ -1239,9 +1239,14 @@ static void display_handle_stream_data(SpiceChannel *channel, SpiceMsgIn *in)
 {
     SpiceDisplayChannelPrivate *c = SPICE_DISPLAY_CHANNEL(channel)->priv;
     SpiceStreamDataHeader *op = spice_msg_in_parsed(in);
-    display_stream *st = c->streams[op->id];
+    display_stream *st;
     guint32 mmtime;
 
+    g_return_if_fail(c != NULL);
+    g_return_if_fail(c->streams != NULL);
+    g_return_if_fail(c->nstreams > op->id);
+
+    st =  c->streams[op->id];
     mmtime = spice_session_get_mm_time(spice_channel_get_session(channel));
 
     if (spice_msg_in_type(in) == SPICE_MSG_DISPLAY_STREAM_DATA_SIZED) {
@@ -1269,7 +1274,13 @@ static void display_handle_stream_clip(SpiceChannel *channel, SpiceMsgIn *in)
 {
     SpiceDisplayChannelPrivate *c = SPICE_DISPLAY_CHANNEL(channel)->priv;
     SpiceMsgDisplayStreamClip *op = spice_msg_in_parsed(in);
-    display_stream *st = c->streams[op->id];
+    display_stream *st;
+
+    g_return_if_fail(c != NULL);
+    g_return_if_fail(c->streams != NULL);
+    g_return_if_fail(c->nstreams > op->id);
+
+    st = c->streams[op->id];
 
     if (st->msg_clip) {
         spice_msg_in_unref(st->msg_clip);
@@ -1292,6 +1303,7 @@ static void destroy_stream(SpiceChannel *channel, int id)
 
     g_return_if_fail(c != NULL);
     g_return_if_fail(c->streams != NULL);
+    g_return_if_fail(c->nstreams > id);
 
     st = c->streams[id];
     if (!st)
-- 
1.7.1

