From c95c501a5ba829374ec0f2e9a81bebd26ac570b5 Mon Sep 17 00:00:00 2001
From: Adel Gadllah <adel.gadllah@gmail.com>
Date: Wed, 23 Apr 2014 22:14:31 +0200
Subject: [PATCH] meta-wayland-surface: Clip damage to buffer dimensions

A client can send us damage that exceeds the buffer size, protect against that
by clipping the damage to the buffer's region.
---
 src/wayland/meta-wayland-surface.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/wayland/meta-wayland-surface.c b/src/wayland/meta-wayland-surface.c
index e4d3cb8c0..483c0c714 100644
--- a/src/wayland/meta-wayland-surface.c
+++ b/src/wayland/meta-wayland-surface.c
@@ -105,7 +105,19 @@ static void
 surface_process_damage (MetaWaylandSurface *surface,
                         cairo_region_t *region)
 {
-  int i, n_rectangles = cairo_region_num_rectangles (region);
+  int i, n_rectangles;
+  cairo_rectangle_int_t buffer_rect;
+
+  buffer_rect.x = 0;
+  buffer_rect.y = 0;
+  buffer_rect.width = cogl_texture_get_width (surface->buffer->texture);
+  buffer_rect.height = cogl_texture_get_height (surface->buffer->texture);
+
+  /* The region will get destroyed after this call anyway so we can
+     just modify it here to avoid a copy */
+  cairo_region_intersect_rectangle (region, &buffer_rect);
+
+  n_rectangles = cairo_region_num_rectangles (region);
 
   for (i = 0; i < n_rectangles; i++)
     {