[Spice-devel] [PATCH v2 2/3] server/red_parse_qxl: disallow zero area bitmaps

Alon Levy alevy at redhat.com
Sun Jul 22 01:39:22 PDT 2012


prevents division by zero later (SIGFPE, Arithmetic exception) in
spice-common code, at spice-common/common/canvas_base.c:646
for both client and server (server only upon rendering).
---
 server/red_parse_qxl.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
index daae897..00cc534 100644
--- a/server/red_parse_qxl.c
+++ b/server/red_parse_qxl.c
@@ -371,6 +371,10 @@ static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id,
                           red->u.bitmap.format);
             return NULL;
         }
+        if (qxl->bitmap.x == 0 || qxl->bitmap.y == 0) {
+            spice_warning("guest error: zero area bitmap\n");
+            return NULL;
+        }
         qxl_flags = qxl->bitmap.flags;
         if (qxl_flags & QXL_BITMAP_TOP_DOWN) {
             red->u.bitmap.flags = SPICE_BITMAP_FLAGS_TOP_DOWN;
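
Review bot: the added test in red_get_image() reads qxl->bitmap.x and qxl->bitmap.y straight from the guest-supplied structure, so it only protects the later division if the width and height stored in red->u.bitmap come from that same read. If the dimensions are fetched from qxl again further down, the guest can change them after this check passes. Consider reading each value once into a local or into red->u.bitmap and testing that copy. The warning would also be more useful for tracking down a misbehaving guest driver if it printed the offending x and y, as the format check just above does with red->u.bitmap.format. Finally, this path returns NULL the same way the preceding check does, so if red is already allocated at this point it needs the same cleanup, if any, that the existing error path relies on.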
-- 
1.7.10.1


