qxl-render: add sanity check

Verify dirty rectangle is completely within the primary surface, just ignore it in case it isn't. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
author: Gerd Hoffmann <kraxel@redhat.com> 2014-06-10 13:51:12 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2014-06-13 12:34:57 +0200
commit: 788fbf042fc6d5aaeab56757e6dad622ac5f0c21 (patch)
tree: af59ecbd9066aadb65b680aa26e6f2b5631b3732 /hw/display
parent: 5643fc012c2b7335eda43db90bd1e64d912428b0 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
index 84f1367716..cc2c2b1dbc 100644
--- a/hw/display/qxl-render.c
+++ b/hw/display/qxl-render.c
@@ -138,6 +138,12 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
         if (qemu_spice_rect_is_empty(qxl->dirty+i)) {
             break;
         }
+        if (qxl->dirty[i].left > qxl->dirty[i].right ||
+            qxl->dirty[i].top > qxl->dirty[i].bottom ||
+            qxl->dirty[i].right > qxl->guest_primary.surface.width ||
+            qxl->dirty[i].bottom > qxl->guest_primary.surface.height) {
+            continue;
+        }
         qxl_blit(qxl, qxl->dirty+i);
         dpy_gfx_update(vga->con,
                        qxl->dirty[i].left, qxl->dirty[i].top,
author	Gerd Hoffmann <kraxel@redhat.com>	2014-06-10 13:51:12 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2014-06-13 12:34:57 +0200
commit	788fbf042fc6d5aaeab56757e6dad622ac5f0c21 (patch)
tree	af59ecbd9066aadb65b680aa26e6f2b5631b3732 /hw/display
parent	5643fc012c2b7335eda43db90bd1e64d912428b0 (diff)