From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C5B0C07542 for ; Mon, 27 May 2019 09:13:30 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id B2EA721734 for ; Mon, 27 May 2019 09:13:29 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B2EA721734 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Received: from localhost ([127.0.0.1]:42389 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hVBhA-00087A-NT for qemu-devel@archiver.kernel.org; Mon, 27 May 2019 05:13:28 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37111) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hVBgM-0007qb-Jr for qemu-devel@nongnu.org; Mon, 27 May 2019 05:12:39 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hVBgL-0005xR-QS for qemu-devel@nongnu.org; Mon, 27 May 2019 05:12:38 -0400 Received: from mx1.redhat.com ([209.132.183.28]:51866) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1hVBgL-0005x9-MG for qemu-devel@nongnu.org; Mon, 27 May 2019 05:12:37 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EDE933082B15; Mon, 27 May 2019 09:12:36 +0000 (UTC) Received: from sirius.home.kraxel.org (ovpn-116-59.ams2.redhat.com [10.36.116.59]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2724D5D704; Mon, 27 May 2019 09:12:32 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 659D616E1A; Mon, 27 May 2019 11:12:26 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Date: Mon, 27 May 2019 11:12:26 +0200 Message-Id: <20190527091226.4943-1-kraxel@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.45]); Mon, 27 May 2019 09:12:37 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH] virtio-gpu: add sanity check X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Michael S. Tsirkin" , Gerd Hoffmann , tslabinski@slabity.net Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" Require a minimum 16x16 size for the scanout, to make sure the guest can't set either width or height to zero. This (a) doesn't make sense at all and (b) causes problems in some UI code. When using spice this will triggers an assert(). Reported-by: Tyler Slabinski Signed-off-by: Gerd Hoffmann --- hw/display/virtio-gpu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 9e37e0ac96b7..372b31ef0af2 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -677,6 +677,8 @@ static void virtio_gpu_set_scanout(VirtIOGPU *g, if (ss.r.x > res->width || ss.r.y > res->height || + ss.r.width < 16 || + ss.r.height < 16 || ss.r.width > res->width || ss.r.height > res->height || ss.r.x + ss.r.width > res->width || -- 2.18.1