On 26/07/17 04:51 PM, Olivier Fourdan wrote:
> glamor_compute_transform_clipped_regions() uses a temporary box32
> internally which is copied back to a box16 to init the regions16,
> thus causing a potential overflow.
>
> If an overflow occurs, the given region is invalid and the pixmap
> init region will fail.
>
> Simply check that the coordinates won't overflow when copying back to
> the box16, avoiding a crash later down the line in glamor.
>
> Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=101894
> Signed-off-by: Olivier Fourdan <[email protected]>
> ---
> v2: Make sure we have (x1,y1) < (x2,y2) in case of overflow to avoid an
>     empty region.

An empty region actually seems more appropriate to me in that case.
Maybe just don't call RegionInitBoxes if short_box is empty?


-- 
Earthling Michel Dänzer               |               http://www.amd.com
Libre software enthusiast             |             Mesa and X developer
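
The narrowing problem discussed in this thread, as an added example that is not part of the original mails or of glamor's code: a 32-bit box copied into 16-bit coordinates without a check can come out inverted, while a clamped copy that also reports emptiness lets the caller skip region initialisation. The types `box32_t` and `box16_t` and all function names are hypothetical, and the sample coordinates are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the 32-bit temporary box and the 16-bit box. */
typedef struct { int32_t x1, y1, x2, y2; } box32_t;
typedef struct { int16_t x1, y1, x2, y2; } box16_t;

static bool box16_nonempty(box16_t b)
{
    return b.x1 < b.x2 && b.y1 < b.y2;
}

/* Unchecked copy: an out-of-range value is converted in an
 * implementation-defined way; GCC and Clang keep the low 16 bits. */
static box16_t narrow_unchecked(box32_t b)
{
    box16_t s = { (int16_t)b.x1, (int16_t)b.y1, (int16_t)b.x2, (int16_t)b.y2 };
    return s;
}

static int16_t clamp16(int32_t v)
{
    if (v > INT16_MAX) return INT16_MAX;
    if (v < INT16_MIN) return INT16_MIN;
    return (int16_t)v;
}

/* Checked copy: clamp every coordinate, then tell the caller whether the
 * result is non-empty so it can skip region initialisation when it is not. */
static bool narrow_checked(box32_t b, box16_t *out)
{
    out->x1 = clamp16(b.x1);
    out->y1 = clamp16(b.y1);
    out->x2 = clamp16(b.x2);
    out->y2 = clamp16(b.y2);
    return box16_nonempty(*out);
}

int main(void)
{
    box32_t wide = { 0, 0, 40000, 100 };   /* constructed sample input */
    box16_t bad = narrow_unchecked(wide), ok;
    bool usable = narrow_checked(wide, &ok);
    printf("unchecked x2=%d valid=%d\n", bad.x2, box16_nonempty(bad));
    printf("checked   x2=%d usable=%d\n", ok.x2, usable);
    return 0;
}
```

A box that lies entirely beyond the 16-bit range clamps to zero width, so `narrow_checked` returns false for it.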
