commit f3fc5e57a78d4be9872f1394f697b9929873a737
Author: Daniel P. Berrange <dan@berrange.com>
Date:   Tue Nov 23 22:59:37 2010 +0000

    Fix framebuffer update boundary check
    
    Framebuffer boundary checks need to take into account offset,
    in addition to width/height
    
    * src/vncconnection.c: Fix boundary check

diff --git a/src/vncconnection.c b/src/vncconnection.c
index 433256a..165a5f1 100644
--- a/src/vncconnection.c
+++ b/src/vncconnection.c
@@ -2653,13 +2653,14 @@ static void vnc_connection_ext_key_event(VncConnection *conn)
 
 
 static gboolean vnc_connection_validate_boundary(VncConnection *conn,
+						 guint16 x, guint16 y,
 						 guint16 width, guint16 height)
 {
 	VncConnectionPrivate *priv = conn->priv;
 
-	if (width > priv->width || height > priv->height) {
-		VNC_DEBUG("Framebuffer update %dx%d outside boundary %dx%d",
-			  width, height, priv->width, priv->height);
+	if ((x + width) > priv->width || (y + height) > priv->height) {
+		VNC_DEBUG("Framebuffer update %dx%d at %d,%d outside boundary %dx%d",
+			  width, height, x, y, priv->width, priv->height);
 		priv->has_error = TRUE;
 	}
 
@@ -2681,37 +2682,37 @@ static gboolean vnc_connection_framebuffer_update(VncConnection *conn, gint32 et
 
 	switch (etype) {
 	case VNC_CONNECTION_ENCODING_RAW:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_raw_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_COPY_RECT:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_copyrect_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_RRE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_rre_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_HEXTILE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_hextile_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_ZRLE:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_zrle_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);
 		break;
 	case VNC_CONNECTION_ENCODING_TIGHT:
-		if (!vnc_connection_validate_boundary(conn, width, height))
+		if (!vnc_connection_validate_boundary(conn, x, y, width, height))
 			break;
 		vnc_connection_tight_update(conn, x, y, width, height);
 		vnc_connection_update(conn, x, y, width, height);