Commit f3fc5e57 authored by Daniel P. Berrange's avatar Daniel P. Berrange
Browse files

Fix framebuffer update boundary check

Framebuffer boundary checks need to take into account offset,
in addition to width/height

* src/vncconnection.c: Fix boundary check
parent 5760a2a2
......@@ -2653,13 +2653,14 @@ static void vnc_connection_ext_key_event(VncConnection *conn)
static gboolean vnc_connection_validate_boundary(VncConnection *conn,
guint16 x, guint16 y,
guint16 width, guint16 height)
{
VncConnectionPrivate *priv = conn->priv;
if (width > priv->width || height > priv->height) {
VNC_DEBUG("Framebuffer update %dx%d outside boundary %dx%d",
width, height, priv->width, priv->height);
if ((x + width) > priv->width || (y + height) > priv->height) {
VNC_DEBUG("Framebuffer update %dx%d at %d,%d outside boundary %dx%d",
width, height, x, y, priv->width, priv->height);
priv->has_error = TRUE;
}
......@@ -2681,37 +2682,37 @@ static gboolean vnc_connection_framebuffer_update(VncConnection *conn, gint32 et
switch (etype) {
case VNC_CONNECTION_ENCODING_RAW:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_raw_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
break;
case VNC_CONNECTION_ENCODING_COPY_RECT:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_copyrect_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
break;
case VNC_CONNECTION_ENCODING_RRE:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_rre_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
break;
case VNC_CONNECTION_ENCODING_HEXTILE:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_hextile_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
break;
case VNC_CONNECTION_ENCODING_ZRLE:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_zrle_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
break;
case VNC_CONNECTION_ENCODING_TIGHT:
if (!vnc_connection_validate_boundary(conn, width, height))
if (!vnc_connection_validate_boundary(conn, x, y, width, height))
break;
vnc_connection_tight_update(conn, x, y, width, height);
vnc_connection_update(conn, x, y, width, height);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment