[PATCH xserver 2/2] glamor: Avoid overflow between box32 and box16 box
Olivier Fourdan
ofourdan at redhat.com
Mon Aug 28 08:58:50 UTC 2017
Hi Keith,
> > @@ -722,11 +723,11 @@ glamor_compute_transform_clipped_regions(PixmapPtr
> > pixmap,
> > temp_box.x2 = MIN(temp_box.x2, pixmap->drawable.width);
> > temp_box.y2 = MIN(temp_box.y2, pixmap->drawable.height);
> > }
> > - /* Now copy back the box32 to a box16 box. */
> > - short_box.x1 = temp_box.x1;
> > - short_box.y1 = temp_box.y1;
> > - short_box.x2 = temp_box.x2;
> > - short_box.y2 = temp_box.y2;
> > + /* Now copy back the box32 to a box16 box, avoiding overflow. */
> > + short_box.x1 = MIN(temp_box.x1, INT16_MAX);
> > + short_box.y1 = MIN(temp_box.y1, INT16_MAX);
> > + short_box.x2 = MIN(temp_box.x2, INT16_MAX);
> > + short_box.y2 = MIN(temp_box.y2, INT16_MAX);
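Review bot: the four new short_box assignments bound the values only from above with MIN(..., INT16_MAX); nothing in the visible lines keeps temp_box.x1 or temp_box.y1 at or above INT16_MIN, so a large negative 32-bit coordinate would still wrap when stored in the 16-bit box. Unless the code above this hunk already clamps x1/y1 from below, clamp both ends. Since x2 and y2 were just limited to pixmap->drawable.width and pixmap->drawable.height, the comment should also say why they can still exceed INT16_MAX at this point, because that earlier clip reads as if it were sufficient. Note too that when x1 and x2 are both capped to INT16_MAX the result is an empty box, so it is worth checking that the caller handles that case.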
>
> temp_box.y2 and temp_box.x2 are already clipped to the pixmap size, and
> the server should be limiting those to INT16_MAX. Is that not true for
> this case somehow?
Sorry for the delay, I was on PTO...
What I observed is that the issue occurs because temp_box.x2 is 32768:
https://bugs.freedesktop.org/show_bug.cgi?id=101894#c6
Cheers,
Olivier