diff mbox

qxl-render: add sanity check

Message ID 1402403085-18054-1-git-send-email-kraxel@redhat.com
State New
Headers show

Commit Message

Gerd Hoffmann June 10, 2014, 12:24 p.m. UTC 
Verify dirty rectangle is completely within the primary surface,
just ignore it in case it isn't.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 hw/display/qxl-render.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff mbox

Patch

diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
index 84f1367..cc2c2b1 100644
--- a/hw/display/qxl-render.c
+++ b/hw/display/qxl-render.c
@@ -138,6 +138,12 @@  static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
         if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
             break;
         }
+        if (qxl->dirty[i].left > qxl->dirty[i].right ||
+            qxl->dirty[i].top > qxl->dirty[i].bottom ||
+            qxl->dirty[i].right > qxl->guest_primary.surface.width ||
+            qxl->dirty[i].bottom > qxl->guest_primary.surface.height) {
+            continue;
+        }
         qxl_blit(qxl, qxl->dirty+i);
         dpy_gfx_update(vga->con,
                        qxl->dirty[i].left, qxl->dirty[i].top,