Fix framebuffer update boundary check

Framebuffer boundary checks need to take into account offset, in addition to width/height * src/vncconnection.c: Fix boundary check

Fix framebuffer update boundary check
Framebuffer boundary checks need to take into account offset, in addition to width/height * src/vncconnection.c: Fix boundary check
f3fc5e57 · Daniel P. Berrange · 5760a2a2 · f3fc5e57
Commit f3fc5e57 authored Nov 23, 2010 by Daniel P. Berrange
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 9 deletions

vncconnection.c src/vncconnection.c +10 -9

No files found.
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -2653,13 +2653,14 @@ static void vnc_connection_ext_key_event(VncConnection *conn)


 static gboolean vnc_connection_validate_boundary(VncConnection *conn,
+						 guint16 x, guint16 y,
 						 guint16 width, guint16 height)
 {
 	VncConnectionPrivate *priv = conn->priv;

-	if (width > priv->width || height > priv->height) {
-		VNC_DEBUG("Framebuffer update %dx%d outside boundary %dx%d",
-			  width, height, priv->width, priv->height);
+	if ((x + width) > priv->width || (y + height) > priv->height) {
+		VNC_DEBUG("Framebuffer update %dx%d at %d,%d outside boundary %dx%d",
+			  width, height, x, y, priv->width, priv->height);
 		priv->has_error = TRUE;
 	}

@@ -2681,37 +2682,37 @@ static gboolean vnc_connection_framebuffer_update(VncConnection *conn, gint32 et

 	switch (etype) {
 	case VNC_CONNECTION_ENCODING_RAW:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_raw_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_COPY_RECT:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_copyrect_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_RRE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_rre_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_HEXTILE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_hextile_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_ZRLE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_zrle_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_TIGHT:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_tight_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);