[PATCH] add boundary check for damage information
juan.j.zhao at intel.com
juan.j.zhao at intel.com
Wed Oct 26 01:04:51 PDT 2011
From: Juan Zhao <juan.j.zhao at intel.com>
Some clients may set wrong boundaries for damage or send the wrong surface.
These may cause the server segment fault. Add the boundary check here to avoid server error.
---
compositor/compositor.c | 7 +++++++
compositor/compositor.h | 2 ++
2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/compositor/compositor.c b/compositor/compositor.c
index 8fff0d1..72f63a1 100644
--- a/compositor/compositor.c
+++ b/compositor/compositor.c
@@ -285,6 +285,13 @@ wlsc_surface_damage_rectangle(struct wlsc_surface *surface,
int32_t width, int32_t height)
{
struct wlsc_compositor *compositor = surface->compositor;
+
+ /*The Width and Height can be generated by client, and may be incorrect.
+ add boundary check before calling pixman api,
+ which may cause server segment fault*/
+ if( x < 0 || y < 0 ||
+ width > OUTPUT_MAX_WIDTH || height > OUTPUT_MAX_HEIGHT)
+ return;
pixman_region32_union_rect(&surface->damage,
&surface->damage,
diff --git a/compositor/compositor.h b/compositor/compositor.h
index 9a210b9..5b0158d 100644
--- a/compositor/compositor.h
+++ b/compositor/compositor.h
@@ -236,6 +236,8 @@ struct wlsc_compositor {
#define MODIFIER_CTRL (1 << 8)
#define MODIFIER_ALT (1 << 9)
#define MODIFIER_SUPER (1 << 10)
+#define OUTPUT_MAX_WIDTH (1 << 16)
+#define OUTPUT_MAX_HEIGHT (1 << 16)
enum wlsc_output_flags {
WL_OUTPUT_FLIPPED = 0x01
--
1.7.1
More information about the wayland-devel
mailing list