author | Chris Wilson <chris@chris-wilson.co.uk> | 2009-09-06 10:17:40 +0100 |
---|---|---|
committer | Chris Wilson <chris@chris-wilson.co.uk> | 2009-09-06 10:21:00 +0100 |
commit | 67d40e5c7300c4082484dbda5c81808737bb2ac5 (patch) | |
tree | 5445f7bf36bef130363932c80b126c633f4a829d | |
parent | 310cebf194919cf3a7c37e724e64962ae47343cc (diff) |
[xlib] Protect ourselves from liars that claim to have a 64k window
Found using webkit, which attempts to paint a width x page-height window.
Please, please clip large windows to the visible area. Thanks.
-rw-r--r-- | src/cairo-xlib-surface.c | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/src/cairo-xlib-surface.c b/src/cairo-xlib-surface.c
index a8507ffd..375c6605 100644
--- a/src/cairo-xlib-surface.c
+++ b/src/cairo-xlib-surface.c
@@ -3063,6 +3063,11 @@ cairo_xlib_surface_create (Display *dpy,
 cairo_surface_t *surface;
 cairo_status_t status;
 
+ if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX) {
+ /* you're lying, and you know it! */
+ return _cairo_surface_create_in_error (CAIRO_STATUS_INVALID_SIZE);
+ }
+
 scr = _cairo_xlib_screen_from_visual (dpy, visual);
 if (scr == NULL)
 return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_VISUAL));
@@ -3104,6 +3109,9 @@ cairo_xlib_surface_create_for_bitmap (Display *dpy,
 cairo_surface_t *surface;
 cairo_status_t status;
 
+ if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX)
+ return _cairo_surface_create_in_error (CAIRO_STATUS_INVALID_SIZE);
+
 status = _cairo_xlib_screen_get (dpy, scr, &screen);
 if (unlikely (status))
 return _cairo_surface_create_in_error (status);
@@ -3149,6 +3157,9 @@ cairo_xlib_surface_create_with_xrender_format (Display *dpy,
 cairo_surface_t *surface;
 cairo_status_t status;
 
+ if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX)
+ return _cairo_surface_create_in_error (CAIRO_STATUS_INVALID_SIZE);
+
 status = _cairo_xlib_screen_get (dpy, scr, &screen);
 if (unlikely (status))
 return _cairo_surface_create_in_error (status);
@@ -3222,6 +3233,12 @@ cairo_xlib_surface_set_size (cairo_surface_t *abstract_surface,
 return;
 }
 
+ if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX) {
+ status = _cairo_surface_set_error (abstract_surface,
+ CAIRO_STATUS_INVALID_SIZE);
+ return;
+ }
+
 surface->width = width;
 surface->height = height;
 }
@@ -3254,6 +3271,12 @@ cairo_xlib_surface_set_drawable (cairo_surface_t *abstract_surface,
 return;
 }
 
+ if (width > XLIB_COORD_MAX || height > XLIB_COORD_MAX) {
+ status = _cairo_surface_set_error (abstract_surface,
+ CAIRO_STATUS_INVALID_SIZE);
+ return;
+ }
+
 /* XXX: and what about this case? */
 if (surface->owns_pixmap)
 return;
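Review bot: The new guard in cairo_xlib_surface_create rejects only sizes above XLIB_COORD_MAX, so a negative width or height still passes the check. The parameter declarations are outside the hunk, but if they are signed the test should bound both ends: `if (width < 0 || width > XLIB_COORD_MAX || height < 0 || height > XLIB_COORD_MAX)`. The same one-sided comparison is repeated in cairo_xlib_surface_create_for_bitmap, cairo_xlib_surface_create_with_xrender_format, cairo_xlib_surface_set_size (where the value is then stored by `surface->width = width;`) and cairo_xlib_surface_set_drawable. A single static helper taking width and height would keep the five checks from drifting apart.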
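Review bot: The added return in cairo_xlib_surface_create_for_bitmap hands the bare constant to `_cairo_surface_create_in_error ()`, whereas the existing INVALID_VISUAL path in cairo_xlib_surface_create wraps a newly raised status in `_cairo_error ()`. For consistency with that visible convention, write `return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_INVALID_SIZE));`. The same applies to the new returns in cairo_xlib_surface_create and cairo_xlib_surface_create_with_xrender_format. What `_cairo_error ()` does is not shown on this page; presumably it is the single place where a new error status is raised, which is why skipping it would make this failure harder to trace.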
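Review bot: cairo_xlib_surface_set_size now puts the surface into CAIRO_STATUS_INVALID_SIZE when either dimension exceeds XLIB_COORD_MAX, but the limit is stated only in the commit message, not where a caller would look. The function's doc comment (outside the hunk) should gain a sentence such as `Sizes larger than XLIB_COORD_MAX put the surface into the CAIRO_STATUS_INVALID_SIZE error state; clip the size to the visible area before calling.` This matters for callers that forward a window size on every resize, since the error lands on the surface rather than in a return value. The same sentence belongs on cairo_xlib_surface_set_drawable. In both functions `status` is assigned immediately before `return;` and not read within the hunk, so the assignment could be replaced with a `(void)` cast if the surrounding code allows it.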
@@ -3423,7 +3446,7 @@ cairo_xlib_surface_get_width (cairo_surface_t *abstract_surface)
 
 if (! _cairo_surface_is_xlib (abstract_surface)) {
 _cairo_error_throw (CAIRO_STATUS_SURFACE_TYPE_MISMATCH);
- return -1;
+ return 0;
 }
 
 return surface->width;
@@ -3446,7 +3469,7 @@ cairo_xlib_surface_get_height (cairo_surface_t *abstract_surface)
 
 if (! _cairo_surface_is_xlib (abstract_surface)) {
 _cairo_error_throw (CAIRO_STATUS_SURFACE_TYPE_MISMATCH);
- return -1;
+ return 0;
 }
 
 return surface->height;
|
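Review bot: Returning 0 instead of -1 from cairo_xlib_surface_get_width on a type mismatch makes the failure indistinguishable from a zero-width surface for any caller that looks only at the return value. A caller that tested for a negative result will now silently miss the error. The commit message does not mention this behaviour change, so the doc comment (outside the hunk) should record it, e.g. `Return value: the width of the surface in pixels, or 0 if @surface is not an xlib surface.` The same applies to cairo_xlib_surface_get_height.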