[Qemu-devel] [PATCH 2/3] qxl: refuse to create primary larger then fb size

Sun, 10 Jun 2012 23:24:45 -0700 

Signed-off-by: Alon Levy <al...@redhat.com>
---
 hw/qxl.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/hw/qxl.c b/hw/qxl.c
index a9b4fd1..6596856 100644
--- a/hw/qxl.c
+++ b/hw/qxl.c
@@ -1204,6 +1204,16 @@ static void qxl_create_guest_primary(PCIQXLDevice *qxl, 
int loadvm,
 {
     QXLDevSurfaceCreate surface;
     QXLSurfaceCreate *sc = &qxl->guest_primary.surface;
+    int size;
+    int requested_height = le32_to_cpu(sc->height);
+    int requested_stride = le32_to_cpu(sc->stride);
+
+    size = abs(requested_stride) * requested_height;
+    if (size > qxl->fb_size) {
+        qxl_set_guest_bug(qxl, "%s: requested primary larger then framebuffer"
+                               " size", __func__);
+        return;
+    }
 
     if (qxl->mode == QXL_MODE_NATIVE) {
         qxl_set_guest_bug(qxl, "%s: nop since already in QXL_MODE_NATIVE",
-- 
1.7.10.1

Reply via email to