Commit 1f80431a authored by Uri Lublin's avatar Uri Lublin Committed by Frediano Ziglio

Cursor: ignore big cursors

Return early if the cursor received from X is too big.

This fixes a covscan error: "sign_extension: Suspicious implicit sign extension":
  "cursor->width" with type "unsigned short" (16 bits, unsigned) is promoted in
  "cursor->width * cursor->height" to type "int" (32 bits, signed), then sign-extended
  to type "unsigned long" (64 bits, unsigned). If "cursor->width * cursor->height" is
  greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
Signed-off-by: Uri Lublin's avatarUri Lublin <uril@redhat.com>
Acked-by: Frediano Ziglio's avatarFrediano Ziglio <fziglio@redhat.com>
parent 5c486b6c
Pipeline #96490 passed with stage
in 3 minutes and 27 seconds
......@@ -103,6 +103,13 @@ void CursorUpdater::operator()()
continue;
}
if (cursor->width > STREAM_MSG_CURSOR_SET_MAX_WIDTH ||
cursor->height > STREAM_MSG_CURSOR_SET_MAX_HEIGHT) {
::syslog(LOG_WARNING, "cursor updater thread: ignoring cursor: too big %ux%u",
cursor->width, cursor->height);
continue;
}
last_serial = cursor->cursor_serial;
// the X11 cursor data may be in a wrong format, copy them to an uint32_t array
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment