diff options
| author | Peter Maydell | 2014-02-25 16:17:24 +0100 |
|---|---|---|
| committer | Peter Maydell | 2014-02-25 16:17:24 +0100 |
| commit | a89d97df1f6d9f5bd6403a9d91d9d7cd86bdd394 (patch) | |
| tree | 6408cdca1ce4090c5eed3e11b68eb17c9175ebd9 | |
| parent | Merge remote-tracking branch 'remotes/mdroth/qga-pull-2014-02-24' into staging (diff) | |
| parent | qxl: add sanity check (diff) | |
| download | qemu-a89d97df1f6d9f5bd6403a9d91d9d7cd86bdd394.tar.gz qemu-a89d97df1f6d9f5bd6403a9d91d9d7cd86bdd394.tar.xz qemu-a89d97df1f6d9f5bd6403a9d91d9d7cd86bdd394.zip | |
Merge remote-tracking branch 'remotes/spice/tags/pull-spice-3' into staging
qxl: add sanity check
# gpg: Signature made Mon 24 Feb 2014 12:01:27 GMT using RSA key ID D3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>"
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>"
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>"
* remotes/spice/tags/pull-spice-3:
qxl: add sanity check
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | hw/display/qxl.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 1471cc093b..2a559ebcc9 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -1429,7 +1429,7 @@ static int qxl_destroy_primary(PCIQXLDevice *d, qxl_async_io async) return 1; } -static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm) +static void qxl_set_mode(PCIQXLDevice *d, unsigned int modenr, int loadvm) { pcibus_t start = d->pci.io_regions[QXL_RAM_RANGE_INDEX].addr; pcibus_t end = d->pci.io_regions[QXL_RAM_RANGE_INDEX].size + start; @@ -1439,6 +1439,12 @@ static void qxl_set_mode(PCIQXLDevice *d, int modenr, int loadvm) .mem_start = start, .mem_end = end }; + + if (modenr >= d->modes->n_modes) { + qxl_set_guest_bug(d, "mode number out of range"); + return; + } + QXLSurfaceCreate surface = { .width = mode->x_res, .height = mode->y_res, |