[Spice-devel] [PATCH v3 1/2] server/red_parse_qxl: disallow zero area bitmaps
Yonit Halperin
yhalperi at redhat.com
Sun Jul 22 03:25:49 PDT 2012
Hi,
On 07/22/2012 01:04 PM, Alon Levy wrote:
> prevents division by zero later (SIGFPE, Arithmetic exception) in
> spice-common code, at spice-common/common/canvas_base.c:646
> for both client and server (server only upon rendering).
> ---
> server/red_parse_qxl.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/server/red_parse_qxl.c b/server/red_parse_qxl.c
> index daae897..00cc534 100644
> --- a/server/red_parse_qxl.c
> +++ b/server/red_parse_qxl.c
> @@ -371,6 +371,10 @@ static SpiceImage *red_get_image(RedMemSlotInfo *slots, int group_id,
> red->u.bitmap.format);
> return NULL;
> }
> + if (qxl->bitmap.x == 0 || qxl->bitmap.y == 0) {
> + spice_warning("guest error: zero area bitmap\n");
> + return NULL;
> + }
> qxl_flags = qxl->bitmap.flags;
> if (qxl_flags& QXL_BITMAP_TOP_DOWN) {
> red->u.bitmap.flags = SPICE_BITMAP_FLAGS_TOP_DOWN;
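Review bot: the added `return NULL` for a zero `x` or `y` exits without releasing `red`. If `red` has already been allocated with `spice_new0(SpiceImage, 1)` by this point, as the reply notes, every rejected bitmap leaks one SpiceImage, and the input that reaches this branch is guest-supplied. The `return NULL` in the format check just above has the same shape, so sending both through one cleanup label that frees `red` would fix them together. Logging the offending `qxl->bitmap.x` and `qxl->bitmap.y` values in the warning would also make the guest error easier to diagnose.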
Looks like this routine suffers from a leak of SpiceImage
see "red = spice_new0(SpiceImage, 1);"
goto some cleanup section before returning NULL.
Cheers,
Yonit.