diff options
| author | Gerd Hoffmann <kraxel@redhat.com> | 2014-02-19 11:40:17 +0100 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2014-02-24 13:00:52 +0100 |
| commit | 9c70434f825fd0d2e89d1aa0f872159378d0aab3 (patch) | |
| tree | 965a696a5633c16608dc1dad003041809cce58b8 /hw/display | |
| parent | 105a060188dc6fdd4551571a966514d1a5f6815a (diff) | |
| download | qemu-9c70434f825fd0d2e89d1aa0f872159378d0aab3.tar.gz qemu-9c70434f825fd0d2e89d1aa0f872159378d0aab3.tar.bz2 qemu-9c70434f825fd0d2e89d1aa0f872159378d0aab3.zip | |
qxl: add sanity check
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
Diffstat (limited to 'hw/display')
| -rw-r--r-- | hw/display/qxl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 1471cc093b..2a559ebcc9 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -1429,7 +1429,7 @@ static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async) return 1; } -static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm) +static void qxl_set_mode(PCIQXLDevice *d, unsigned int modenr, int loadvm) { pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr; pcibus_t end = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start; @@ -1439,6 +1439,12 @@ static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm) .mem_start = start, .mem_end = end }; + + if (modenr >= d->modes->n_modes) { + qxl_set_guest_bug(d, "mode number out of range"); + return; + } + QXLSurfaceCreate surface = { .width = mode->x_res, .height = mode->y_res, |