[Spice-devel] [spice-gtk] cursor: Add sanity checks for hotspot x/y values
Marc-André Lureau
marcandre.lureau at redhat.com
Mon Jul 17 12:04:11 UTC 2017
Hi
----- Original Message -----
> The cursor hotspot values have to be inside the cursor bounding box,
> otherwise on X11 this may cause a crash of the application using
> spice-gtk.
>
> This is the client-side part of
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864998
>
> Signed-off-by: Christophe Fergeau <cfergeau at redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau at redhat.com>
> ---
> src/channel-cursor.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/src/channel-cursor.c b/src/channel-cursor.c
> index 14053a92..d7fa3df9 100644
> --- a/src/channel-cursor.c
> +++ b/src/channel-cursor.c
> @@ -405,6 +405,18 @@ static display_cursor *set_cursor(SpiceChannel *channel,
> SpiceCursor *scursor)
>
> g_return_val_if_fail(scursor->data_size != 0, NULL);
>
> + if (hdr->hot_spot_x > hdr->width) {
> + CHANNEL_DEBUG(channel,
> + "hot spot X position (%d) is outside cursor area,
> capping to cursor width (%d)",
> + hdr->hot_spot_x, hdr->width);
> + hdr->hot_spot_x = hdr->width;
> + }
> + if (hdr->hot_spot_y > hdr->height) {
> + CHANNEL_DEBUG(channel,
> + "hot spot Y position (%d) is outside cursor area,
> capping to cursor height (%d)",
> + hdr->hot_spot_y, hdr->height);
> + hdr->hot_spot_y = hdr->height;
> + }
> size = 4u * hdr->width * hdr->height;
> cursor = g_malloc0(sizeof(*cursor) + size);
> cursor->hdr = *hdr;
> --
> 2.13.3
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
>
More information about the Spice-devel
mailing list