glamor/glamor_largepixmap.c · server-1.20-branch · Rohan Garg / xserver

Blame

Forked from xorg / xserver

Source project has a limited visibility.

7 years ago

9869dcb3

glamor: Avoid overflow between box32 and box16 box · 9869dcb3

Olivier Fourdan authored 7 years ago and

Adam Jackson committed 7 years ago

glamor_compute_transform_clipped_regions() uses a temporary box32
internally which is copied back to a box16 to init the regions16,
thus causing a potential overflow.

If an overflow occurs, the given region is invalid and the pixmap
init region will fail.

Simply check that the coordinates won't overflow when copying back to
the box16, avoiding a crash later down the line in glamor.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894


Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Tested-by: Fabrice Bellet <fabrice@bellet.info>
Reviewed-by: Adam Jackson <ajax@redhat.com>

9869dcb3

History

glamor: Avoid overflow between box32 and box16 box

Olivier Fourdan authored 7 years ago and

Adam Jackson committed 7 years ago

glamor_compute_transform_clipped_regions() uses a temporary box32
internally which is copied back to a box16 to init the regions16,
thus causing a potential overflow.

If an overflow occurs, the given region is invalid and the pixmap
init region will fail.

Simply check that the coordinates won't overflow when copying back to
the box16, avoiding a crash later down the line in glamor.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894


Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Tested-by: Fabrice Bellet <fabrice@bellet.info>
Reviewed-by: Adam Jackson <ajax@redhat.com>

Admin message

Admin message