Patchwork [2/2] qxl/verify_surface_cmd: check format != 0 (buggy drivers can do that)

login
register
mail settings
Submitter Alon Levy
Date Nov. 20, 2012, 9:19 a.m.
Message ID <1353403141-32070-2-git-send-email-alevy@redhat.com>
Download mbox | patch
Permalink /patch/200270/
State New
Headers show

Comments

Alon Levy - Nov. 20, 2012, 9:19 a.m.
Signed-off-by: Alon Levy <alevy@redhat.com>
---
 hw/qxl.c | 6 ++++++
 1 file changed, 6 insertions(+)

Patch

diff --git a/hw/qxl.c b/hw/qxl.c
index af5f68e..91e4fec 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -455,6 +455,12 @@  static int verify_surface_cmd(PCIQXLDevice *qxl, QXLSurfaceCmd *cmd)
             return 1;
         }
     }
+    if (cmd->type == QXL_SURFACE_CMD_CREATE &&
+        cmd->u.surface_create.format == 0) {
+        qxl_set_guest_bug(qxl, "QXL_CMD_SURFACE invalid format: %u\n",
+                          cmd->u.surface_create.format);
+        return 1;
+    }
     return 0;
 }