Make sure that the passed buffer size is not negative and that evaluating the buffer size in bytes doesn't overflow. With that we make sure that the buf_offset in the decoding loop can't wrap around when it is updated. v2: - move check to virgl_renderer_submit_cmd (Chia-I) - remove the size conversion on both ends v3: - keep conversion to size in bytes (Chia-I) - explicitely convert to uint32_t to silence a warning Signed-off-by: Gert Wollny <gert.wollny@collabora.com> Reviewed-by: Chia-I Wu <olvaffe@gmail.com>macos/master
parent
722f47e5af
commit
122ae312db
Loading…
Reference in new issue