rpms / spice

Clone
Source Code
GIT

Blame SOURCES/0029-display-channel-Avoid-potential-crash-from-buggy-gue.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s
  1.   ea531191f4bd0a521d83371fd3b45a40983ff8ff
  2.   SOURCES
  3.   0029-display-channel-Avoid-potential-crash-from-buggy-gue.patch
Blob History Raw
6ba27a 
From bf968572d1f7a0052df2615b69b361b0ec652a29 Mon Sep 17 00:00:00 2001
6ba27a 
From: Frediano Ziglio <fziglio@redhat.com>
6ba27a 
Date: Mon, 17 Jun 2019 17:12:17 +0100
6ba27a 
Subject: [PATCH spice-server] display-channel: Avoid potential crash from
6ba27a 
 buggy guest driver
6ba27a
6ba27a 
This fixes https://bugzilla.redhat.com/show_bug.cgi?id=1582137.
6ba27a
6ba27a 
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
6ba27a 
Acked-by: Snir Sheriber <ssheribe@redhat.com>
6ba27a 
---
6ba27a 
 server/display-channel.c | 6 +++++-
6ba27a 
 1 file changed, 5 insertions(+), 1 deletion(-)
6ba27a
6ba27a 
diff --git a/server/display-channel.c b/server/display-channel.c
6ba27a 
index 071c01409..7ddd44c14 100644
6ba27a 
--- a/server/display-channel.c
6ba27a 
+++ b/server/display-channel.c
6ba27a 
@@ -2032,7 +2032,11 @@ void display_channel_update(DisplayChannel *display,
6ba27a 
     SpiceRect rect;
6ba27a 
     RedSurface *surface;
6ba27a
6ba27a 
-    spice_return_if_fail(display_channel_validate_surface(display, surface_id));
6ba27a 
+    // Check that the request is valid, the surface_id comes directly from the guest
6ba27a 
+    if (!display_channel_validate_surface(display, surface_id)) {
6ba27a 
+        // just return, display_channel_validate_surface already logged a warning
6ba27a 
+        return;
6ba27a 
+    }
6ba27a
6ba27a 
     red_get_rect_ptr(&rect, area);
6ba27a 
     display_channel_draw(display, &rect, surface_id);
6ba27a 
--
6ba27a 
2.20.1
6ba27a

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation