[PATCH xserver v2 2/2] glamor: Avoid overflow between box32 and box16 box

Michel Dänzer michel at daenzer.net
Wed Jul 26 08:02:02 UTC 2017


On 26/07/17 04:51 PM, Olivier Fourdan wrote:
> glamor_compute_transform_clipped_regions() uses a temporary box32
> internally which is copied back to a box16 to init the regions16,
> thus causing a potential overflow.
> 
> If an overflow occurs, the given region is invalid and the pixmap
> init region will fail.
> 
> Simply check that the coordinates won't overflow when copying back to
> the box16, avoiding a crash later down the line in glamor.
> 
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894
> Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
> ---
>  v2: Make sure we have (x1,y1) < (x2,y2) in case of overflow to avoid an
>      empty region.

An empty region actually seems more appropriate to me in that case.
Maybe just don't call RegionInitBoxes if short_box is empty?


-- 
Earthling Michel Dänzer               |               http://www.amd.com
Libre software enthusiast             |             Mesa and X developer
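
The truncation described in the quoted commit message, next to a checked copy that reports an empty box so the caller can skip region initialisation as the reply suggests. This is an added example, not code from the patch or the xserver tree; the `box32`/`box16` structs and all function names are stand-ins assumed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in box types (assumed layout, not taken from the xserver headers). */
typedef struct { int32_t x1, y1, x2, y2; } box32;
typedef struct { int16_t x1, y1, x2, y2; } box16;

/* Portable model of a truncating 32->16 bit copy: keep the low 16 bits. */
static int16_t wrap16(int32_t v)
{
    uint16_t u = (uint16_t)v;
    return (int16_t)(u < 0x8000 ? (int32_t)u : (int32_t)u - 0x10000);
}

static int16_t clamp16(int32_t v)
{
    return (int16_t)(v < INT16_MIN ? INT16_MIN : v > INT16_MAX ? INT16_MAX : v);
}

static bool box16_nonempty(box16 b) { return b.x1 < b.x2 && b.y1 < b.y2; }

/* Unchecked copy: out-of-range coordinates wrap and can yield x2 < x1. */
static box16 box_copy_unchecked(box32 b)
{
    box16 r = { wrap16(b.x1), wrap16(b.y1), wrap16(b.x2), wrap16(b.y2) };
    return r;
}

/* Checked copy: clamp to the 16-bit range and return false when the
 * result is empty, so the caller does not build a region from it. */
static bool box_copy_checked(box32 b, box16 *out)
{
    box16 r = { clamp16(b.x1), clamp16(b.y1), clamp16(b.x2), clamp16(b.y2) };
    *out = r;
    return box16_nonempty(r);
}

int main(void)
{
    box32 wide = { 0, 0, 40000, 100 };   /* constructed sample input */
    box16 u = box_copy_unchecked(wide), c;
    bool ok = box_copy_checked(wide, &c);
    printf("unchecked x2=%d valid=%d\n", u.x2, box16_nonempty(u));
    printf("checked   x2=%d usable=%d\n", c.x2, ok);
    return 0;
}
```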

