[PATCH xserver 2/4] glamor: Cannot use copies when accessing outside of composite source

Keith Packard keithp at keithp.com
Sun Jun 5 03:27:36 UTC 2016 

From: Michel Dänzer <michel.daenzer at amd.com>

Commit b64108fa ("glamor: Check for composite operations which are
equivalent to copies") failed to copy conditions from exaComposite which
ensure that the composite operation doesn't access outside of the source
picture.

This fixes rendercheck regressions from the commit above.

Reviewed-by: Keith Packard <keithp at keithp.com>
---
 glamor/glamor_render.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/glamor/glamor_render.c b/glamor/glamor_render.c
index 165bced..64141ac 100644
--- a/glamor/glamor_render.c
+++ b/glamor/glamor_render.c
@@ -1424,18 +1424,21 @@ glamor_composite_clipped_region(CARD8 op,
     if (!mask && !source->alphaMap && !dest->alphaMap
         && source->pDrawable && !source->transform
         && ((op == PictOpSrc
-             && ((source->format == dest->format
-                  || (PICT_FORMAT_COLOR(dest->format)
-                      && PICT_FORMAT_COLOR(source->format)
-                      && dest->format == PICT_FORMAT(PICT_FORMAT_BPP(source->format),
-                                                     PICT_FORMAT_TYPE(source->format),
-                                                     0,
-                                                     PICT_FORMAT_R(source->format),
-                                                     PICT_FORMAT_G(source->format),
-                                                     PICT_FORMAT_B(source->format))))
-                 || (op == PictOpOver
-                     && source->format == dest->format
-                     && !PICT_FORMAT_A(source->format)))))) {
+             && (source->format == dest->format
+                 || (PICT_FORMAT_COLOR(dest->format)
+                     && PICT_FORMAT_COLOR(source->format)
+                     && dest->format == PICT_FORMAT(PICT_FORMAT_BPP(source->format),
+                                                    PICT_FORMAT_TYPE(source->format),
+                                                    0,
+                                                    PICT_FORMAT_R(source->format),
+                                                    PICT_FORMAT_G(source->format),
+                                                    PICT_FORMAT_B(source->format)))))
+            || (op == PictOpOver
+                && source->format == dest->format
+                && !PICT_FORMAT_A(source->format)))
+        && x_source >= 0 && y_source >= 0
+        && (x_source + width) <= source->pDrawable->width
+        && (y_source + height) <= source->pDrawable->height) {
         x_source += source->pDrawable->x;
         y_source += source->pDrawable->y;
         x_dest += dest->pDrawable->x;
-- 
2.8.1

More information about the xorg-devel mailing list