diff options
| author | Yonit Halperin <yhalperi@redhat.com> | 2013-06-21 08:37:58 -0400 |
|---|---|---|
| committer | Alon Levy <alevy@redhat.com> | 2013-07-17 18:23:23 +0300 |
| commit | 734d8a0224649295431add7f300933b41ccd9ca2 (patch) | |
| tree | aa458b8dee15ee145b9538034c21f299f74d4d9c | |
| parent | 5020ad9f4a54d632daca3ccbc5522e3d44909c33 (diff) | |
display: handle correctly bitmaps with line-size > 64K
rhbz#966835
We do not support copying such bitmaps. But instead of failing
operations that involve such bitmaps we either BSODed (in checked
builds), or proceeded with the bitmap copying (in free builds) - this lead to an infinite
loop allocating QXLDataChunks without any data, just header.
(cherry picked from commit 0a2458574d3c22314ff58758ad98c820374de370)
| -rw-r--r-- | display/res.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/display/res.c b/display/res.c index e494271..6f04475 100644 --- a/display/res.c +++ b/display/res.c @@ -1871,7 +1871,11 @@ static _inline Resource *GetBitmapImage(PDev *pdev, SURFOBJ *surf, XLATEOBJ *col DEBUG_PRINT((pdev, 12, "%s\n", __FUNCTION__)); ASSERT(pdev, width > 0 && height > 0); - ASSERT(pdev, BITS_BUF_MAX > line_size); + if (line_size >= BITS_BUF_MAX) { + DEBUG_PRINT((pdev, 0, "%s: line size (%u) exceeds max (%u)\n", __FUNCTION__, + line_size, BITS_BUF_MAX)); + return NULL; + } alloc_size = BITMAP_ALLOC_BASE + BITS_BUF_MAX - BITS_BUF_MAX % line_size; alloc_size = MIN(BITMAP_ALLOC_BASE + height * line_size, alloc_size); image_res = AllocMem(pdev, MSPACE_TYPE_DEVRAM, alloc_size); @@ -2305,6 +2309,9 @@ BOOL QXLGetBitmap(PDev *pdev, QXLDrawable *drawable, QXLPHYSICAL *image_phys, SU src, line_size, key))) { image_res = GetBitmapImage(pdev, surf, color_trans, !!cache_image, width, height, format, src, line_size, key); + if (!image_res) { + return FALSE; + } } internal = (InternalImage *)image_res->res; if (high_bits_set) { @@ -2435,6 +2442,9 @@ BOOL QXLGetAlphaBitmap(PDev *pdev, QXLDrawable *drawable, QXLPHYSICAL *image_phy SPICE_BITMAP_FMT_RGBA, src, width << 2, key))) { image_res = GetBitmapImage(pdev, surf, NULL, !!cache_image, width, height, SPICE_BITMAP_FMT_RGBA, src, width << 2, key); + if (!image_res) { + return FALSE; + } } internal = (InternalImage *)image_res->res; if ((internal->cache = cache_image)) { |