[Spice-devel] [PATCH spice-server] display-channel: Avoid potential crash from buggy guest driver

Frediano Ziglio fziglio at redhat.com
Mon Jun 17 16:13:06 UTC 2019


This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1582137.

Signed-off-by: Frediano Ziglio <fziglio at redhat.com>
---
 server/display-channel.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/display-channel.c b/server/display-channel.c
index 071c01409..7ddd44c14 100644
--- a/server/display-channel.c
+++ b/server/display-channel.c
@@ -2032,7 +2032,11 @@ void display_channel_update(DisplayChannel *display,
     SpiceRect rect;
     RedSurface *surface;
 
-    spice_return_if_fail(display_channel_validate_surface(display, surface_id));
+    // Check that the request is valid, the surface_id comes directly from the guest
+    if (!display_channel_validate_surface(display, surface_id)) {
+        // just return, display_channel_validate_surface already logged a warning
+        return;
+    }
 
     red_get_rect_ptr(&rect, area);
     display_channel_draw(display, &rect, surface_id);
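Review bot: The commit message only links the bug, so nothing here says why the removed spice_return_if_fail() at the top of display_channel_update() could crash when the new plain return does not. Please add a sentence to the commit message stating what spice_return_if_fail() does on a failed check that makes it unsuitable for a guest-supplied surface_id, so a reader does not need Bugzilla access to judge the fix. The new comment states that display_channel_validate_surface() already logs a warning. If that holds on every failure path, it is worth saying so in the commit message as well, since the silent return depends on it.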
-- 
2.20.1


