decode: check we don't reach MAX_VIEWPORTS

Fix found thanks to american fuzzy lop.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
macos/master
Marc-André Lureau 9 years ago committed by Dave Airlie
parent e0e423aacd
commit 2aa6c5bca9
  1. 6
      src/vrend_decode.c

@ -180,10 +180,12 @@ static int vrend_decode_set_viewport_state(struct vrend_decode_ctx *ctx, int len
return EINVAL; return EINVAL;
num_viewports = (length - 1) / 6; num_viewports = (length - 1) / 6;
if (num_viewports > PIPE_MAX_VIEWPORTS) start_slot = get_buf_entry(ctx, VIRGL_SET_VIEWPORT_START_SLOT);
if (num_viewports > PIPE_MAX_VIEWPORTS ||
start_slot > (PIPE_MAX_VIEWPORTS - num_viewports))
return EINVAL; return EINVAL;
start_slot = get_buf_entry(ctx, VIRGL_SET_VIEWPORT_START_SLOT);
for (v = 0; v < num_viewports; v++) { for (v = 0; v < num_viewports; v++) {
for (i = 0; i < 3; i++) for (i = 0; i < 3; i++)
vps[v].scale[i] = uif(get_buf_entry(ctx, VIRGL_SET_VIEWPORT_STATE_SCALE_0(v) + i)); vps[v].scale[i] = uif(get_buf_entry(ctx, VIRGL_SET_VIEWPORT_STATE_SCALE_0(v) + i));
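Review bot: The new bound `start_slot > (PIPE_MAX_VIEWPORTS - num_viewports)` is only sound if `start_slot` and `num_viewports` are unsigned, and their declarations sit outside this hunk, so that should be confirmed. `start_slot` is read from the command buffer via `get_buf_entry`, so if it were a signed int, a value with the top bit set would compare as negative and pass the check. The order of the two `||` operands also matters, because the `num_viewports > PIPE_MAX_VIEWPORTS` test is what keeps the subtraction from wrapping. A comment above the `if` would record this, e.g. `/* start_slot comes from the command stream; num_viewports is tested first so the subtraction cannot wrap */`. The function body begins before and continues past the hunk.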
