Le 25/06/2014 16:09, Alvaro Fernando García a écrit : > Init cursor size to 64x64 if drmGetCap() fails. > > Use Mesa GBM_BO_USE_CURSOR define (which removes 64x64 restriction) > > Signed-off-by: Alvaro Fernando García <[email protected]> > --- > src/compositor-drm.c | 43 ++++++++++++++++++++++++++++++++++++------- > 1 file changed, 36 insertions(+), 7 deletions(-) > > diff --git a/src/compositor-drm.c b/src/compositor-drm.c > index 7d514e4..61ddea1 100644 > --- a/src/compositor-drm.c > +++ b/src/compositor-drm.c > @@ -55,6 +55,14 @@ > #define DRM_CAP_TIMESTAMP_MONOTONIC 0x6 > #endif > > +#ifndef DRM_CAP_CURSOR_WIDTH > +#define DRM_CAP_CURSOR_WIDTH 0x8 > +#endif > + > +#ifndef DRM_CAP_CURSOR_HEIGHT > +#define DRM_CAP_CURSOR_HEIGHT 0x9 > +#endif > + > static int option_current_mode = 0; > > enum output_config { > @@ -108,6 +116,9 @@ struct drm_compositor { > > clockid_t clock; > struct udev_input input; > + > + uint32_t cursor_width; > + uint32_t cursor_height; > }; > > struct drm_mode { > @@ -987,7 +998,7 @@ drm_output_set_cursor(struct drm_output *output) > (struct drm_compositor *) output->base.compositor; > EGLint handle, stride; > struct gbm_bo *bo; > - uint32_t buf[64 * 64]; > + uint32_t buf[c->cursor_width * c->cursor_height];
I didn't check, just asking: are we sure that cursor_width and cursor_height are controlled values ? Because if they're coming from the user without checks, we could have a nice stack or int overflow here. Regards -- David FORT website: http://www.hardening-consulting.com/ _______________________________________________ wayland-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/wayland-devel
