From 6a1db91191361c10be065ca61580255bcb32413f Mon Sep 17 00:00:00 2001
From: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
Date: Thu, 15 Aug 2024 18:21:12 +0300
Subject: [PATCH] wayland: Check that wl_shm buffer stride is multiple of bytes
 per pixel

This is needed to ensure that the values passed to GL_UNPACK_ROW_LENGTH
are reasonable. It's not described in the spec but wlroots already does
the same.
---
 src/wayland/shmclientbuffer.cpp | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/wayland/shmclientbuffer.cpp b/src/wayland/shmclientbuffer.cpp
index e3fdf3a9f5..9b88a3d05c 100644
--- a/src/wayland/shmclientbuffer.cpp
+++ b/src/wayland/shmclientbuffer.cpp
@@ -6,8 +6,9 @@
 
 #include "config-kwin.h"
 
-#include "wayland/shmclientbuffer.h"
+#include "utils/drm_format_helper.h"
 #include "wayland/display.h"
+#include "wayland/shmclientbuffer.h"
 #include "wayland/shmclientbuffer_p.h"
 
 #include <drm_fourcc.h>
@@ -118,12 +119,26 @@ void ShmPool::shm_pool_create_buffer(Resource *resource, uint32_t id, int32_t of
         return;
     }
 
+    const uint32_t drmFormat = shmFormatToDrmFormat(format);
+
+    if (auto formatInfo = FormatInfo::get(drmFormat)) {
+        const uint32_t bytesPerPixel = formatInfo->bitsPerPixel / 8;
+        if ((stride % bytesPerPixel) != 0) {
+            wl_resource_post_error(resource->handle,
+                                   WL_SHM_ERROR_INVALID_STRIDE,
+                                   "invalid stride, %d is not a multiple of %d",
+                                   stride,
+                                   bytesPerPixel);
+            return;
+        }
+    }
+
     ShmAttributes attributes{
         .fd = fd.duplicate(),
         .stride = stride,
         .offset = offset,
         .size = QSize(width, height),
-        .format = shmFormatToDrmFormat(format),
+        .format = drmFormat,
     };
 
     new ShmClientBuffer(this, std::move(attributes), resource->client(), id);