diff options
author | Alon Levy <alevy@redhat.com> | 2012-08-21 13:51:31 +0300 |
---|---|---|
committer | Gerd Hoffmann <kraxel@redhat.com> | 2012-09-05 17:11:55 +0200 |
commit | 511b13e2c9b426b3c56060909693de5097f0b496 (patch) | |
tree | e32a8278518c92770d12fe3c8dc49a28748ed031 | |
parent | 27af778828db9aa893fa1de928744141e5de20e5 (diff) | |
download | qemu-511b13e2c9b426b3c56060909693de5097f0b496.tar.gz qemu-511b13e2c9b426b3c56060909693de5097f0b496.tar.bz2 qemu-511b13e2c9b426b3c56060909693de5097f0b496.zip |
qxl/update_area_io: guest_bug on invalid parameters
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-rw-r--r-- | hw/qxl.c | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -1386,6 +1386,18 @@ async_common: QXLCookie *cookie = NULL; QXLRect update = d->ram->update_area; + if (d->ram->update_surface > NUM_SURFACES) { + qxl_set_guest_bug(d, "QXL_IO_UPDATE_AREA: invalid surface id %d\n", + d->ram->update_surface); + return; + } + if (update.left >= update.right || update.top >= update.bottom) { + qxl_set_guest_bug(d, + "QXL_IO_UPDATE_AREA: invalid area (%ux%u)x(%ux%u)\n", + update.left, update.top, update.right, update.bottom); + return; + } + if (async == QXL_ASYNC) { cookie = qxl_cookie_new(QXL_COOKIE_TYPE_IO, QXL_IO_UPDATE_AREA_ASYNC); |