[Spice-devel] [linux-agent v2 2/4] x11-randr: Improve argument check
Victor Toso
victortoso at redhat.com
Wed Dec 19 14:21:41 UTC 2018
Hi,
On Wed, Dec 19, 2018 at 03:19:37PM +0100, Victor Toso wrote:
> From: Victor Toso <me at victortoso.com>
>
> In the current code, output should never be negative but the check
> exists after we use the variable as index. Make the check earlier.
>
> Found by coverity:
> | check_after_sink: You might be using variable "output" before
> | verifying that it is >= 0.
>
> Changes in v2:
> - Move overflow check before accessing the arrays (Frediano)
>
> Signed-off-by: Victor Toso <victortoso at redhat.com>
> ---
> src/vdagent/x11-randr.c | 16 +++++++++++-----
> 1 file changed, 11 insertions(+), 5 deletions(-)
>
> diff --git a/src/vdagent/x11-randr.c b/src/vdagent/x11-randr.c
> index c8e42c9..a144d7d 100644
> --- a/src/vdagent/x11-randr.c
> +++ b/src/vdagent/x11-randr.c
> @@ -347,12 +347,18 @@ static int xrandr_add_and_set(struct vdagent_x11 *x11, int output, int x, int y,
> int xid;
> Status s;
> RROutput outputs[1];
> - int old_width = x11->randr.monitor_sizes[output].width;
> - int old_height = x11->randr.monitor_sizes[output].height;
> + int old_width;
> + int old_height;
>
> - if (!x11->randr.res || output >= x11->randr.res->noutput || output < 0) {
> - syslog(LOG_ERR, "%s: program error: missing RANDR or bad output",
> - __FUNCTION__);
> + if (output < 0 || output >= x11->randr.res->noutput) {
> + syslog(LOG_ERR, "%s: program error: bad output", __FUNCTION__);
> + return 0;
> + }
> +
> + old_width = x11->randr.monitor_sizes[output].width;
> + old_height = x11->randr.monitor_sizes[output].height;
> + if (!x11->randr.res) {
> + syslog(LOG_ERR, "%s: program error: missing RANDR", __FUNCTION__);
Ignore, sending v3 :(
> return 0;
> }
> if (x11->set_crtc_config_not_functional) {
> --
> 2.19.2
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20181219/8e4cabeb/attachment.sig>
More information about the Spice-devel
mailing list