[Spice-devel] [PATCH spice-server] red-parse-qxl: Reset mask attributes if brush image is missing

[Frediano Ziglio]

The attributes in this case are not used to apply the mask.
Doing so avoid sending garbage from the guest which usually
don't initialise the memory in case the mask is missing.
Guest should have cleared these bytes by its own however doing so
on the server fixes the problem too. Considering that these
command should not appears in newer OSes it's surely not a hot path
code.
These garbage came from video memory of the guest so they don't
contain sensitive data.

This fixes https://gitlab.freedesktop.org/spice/spice-server/issues/25.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/red-parse-qxl.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
index afae94316..a4ac6a473 100644
--- a/server/red-parse-qxl.c
+++ b/server/red-parse-qxl.c
@@ -626,9 +626,15 @@ static void red_put_brush(SpiceBrush *red)
 static void red_get_qmask_ptr(RedMemSlotInfo *slots, int group_id,
                               SpiceQMask *red, QXLQMask *qxl, uint32_t flags)
 {
-    red->flags  = qxl->flags;
-    red_get_point_ptr(&red->pos, &qxl->pos);
     red->bitmap = red_get_image(slots, group_id, qxl->bitmap, flags, true);
+    if (red->bitmap) {
+        red->flags  = qxl->flags;
+        red_get_point_ptr(&red->pos, &qxl->pos);
+    } else {
+        red->flags  = 0;
+        red->pos.x = 0;
+        red->pos.y = 0;
+    }
 }
 
 static void red_put_qmask(SpiceQMask *red)
-- 
2.20.1