[PATCH xserver 2/2] glamor: Avoid overflow between box32 and box16 box
Keith Packard
keithp at keithp.com
Sun Aug 6 04:03:58 UTC 2017
Olivier Fourdan <ofourdan at redhat.com> writes:
> @@ -722,11 +723,11 @@ glamor_compute_transform_clipped_regions(PixmapPtr pixmap,
> temp_box.x2 = MIN(temp_box.x2, pixmap->drawable.width);
> temp_box.y2 = MIN(temp_box.y2, pixmap->drawable.height);
> }
> - /* Now copy back the box32 to a box16 box. */
> - short_box.x1 = temp_box.x1;
> - short_box.y1 = temp_box.y1;
> - short_box.x2 = temp_box.x2;
> - short_box.y2 = temp_box.y2;
> + /* Now copy back the box32 to a box16 box, avoiding overflow. */
> + short_box.x1 = MIN(temp_box.x1, INT16_MAX);
> + short_box.y1 = MIN(temp_box.y1, INT16_MAX);
> + short_box.x2 = MIN(temp_box.x2, INT16_MAX);
> + short_box.y2 = MIN(temp_box.y2, INT16_MAX);
temp_box.y2 and temp_box.x2 are already clipped to the pixmap size, and
the server should be limiting those to INT16_MAX. Is that not true for
this case somehow?
--
-keith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <https://lists.x.org/archives/xorg-devel/attachments/20170806/ca09641f/attachment.sig>
More information about the xorg-devel
mailing list