virtio-gpu: add sanity check

Require a minimum 16x16 size for the scanout, to make sure the guest can't set either width or height to zero. This (a) doesn't make sense at all and (b) causes problems in some UI code. When using spice this will triggers an assert(). Reported-by: Tyler Slabinski <tslabinski@slabity.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-id: 20190527091226.4943-1-kraxel@redhat.com
author: Gerd Hoffmann <kraxel@redhat.com> 2019-05-27 11:12:26 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2019-05-28 08:14:44 +0200
commit: da35f7f1eeff9f249a9597400fc514c83fd3a0f8 (patch)
tree: e90bd5cc8c9b9acc91ff5b5d46c50cf8e337b240 /hw/display/virtio-gpu.c
parent: a7b21f6762a2d6ec08106d8a7ccb11829914523f (diff)
download: focaccia-qemu-da35f7f1eeff9f249a9597400fc514c83fd3a0f8.tar.gz
focaccia-qemu-da35f7f1eeff9f249a9597400fc514c83fd3a0f8.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c
index 9e37e0ac96..372b31ef0a 100644
--- a/hw/display/virtio-gpu.c
+++ b/hw/display/virtio-gpu.c
@@ -677,6 +677,8 @@ static void virtio_gpu_set_scanout(VirtIOGPU *g,
 
     if (ss.r.x > res->width ||
         ss.r.y > res->height ||
+        ss.r.width < 16 ||
+        ss.r.height < 16 ||
         ss.r.width > res->width ||
         ss.r.height > res->height ||
         ss.r.x + ss.r.width > res->width ||
author	Gerd Hoffmann <kraxel@redhat.com>	2019-05-27 11:12:26 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2019-05-28 08:14:44 +0200
commit	da35f7f1eeff9f249a9597400fc514c83fd3a0f8 (patch)
tree	e90bd5cc8c9b9acc91ff5b5d46c50cf8e337b240 /hw/display/virtio-gpu.c
parent	a7b21f6762a2d6ec08106d8a7ccb11829914523f (diff)
download	focaccia-qemu-da35f7f1eeff9f249a9597400fc514c83fd3a0f8.tar.gz focaccia-qemu-da35f7f1eeff9f249a9597400fc514c83fd3a0f8.zip