third_party
/
virglrenderer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

venus: raise VKR_CS_DECODER_TEMP_POOL_MAX_SIZE to 1GB

Browse Source 
It is to avoid integer overflows and to catch bogus allocations (e.g.,
the guest driver encodes an uninitialized value).

Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Reviewed-by: Ryan Neph <ryanneph@google.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org>
macos/master
Chia-I Wu 3 years ago
parent 2c0497b95d
commit 303bd51012
1 changed files with 7 additions and 2 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      src/venus/vkr_cs.h

9
src/venus/vkr_cs.h
Unescape View File

@ -8,7 +8,12 @@
#include "vkr_common.h" #include "vkr_common.h"
#define VKR_CS_DECODER_TEMP_POOL_MAX_SIZE (64u * 1024 * 1024) /* This is to avoid integer overflows and to catch bogus allocations (e.g.,
* the guest driver encodes an uninitialized value). In practice, the largest
* allocations we've seen are from vkGetPipelineCacheData and are dozens of
* MBs.
*/
#define VKR_CS_DECODER_TEMP_POOL_MAX_SIZE (1u * 1024 * 1024 * 1024)
struct iovec; struct iovec;
@ -245,7 +250,7 @@ vkr_cs_decoder_alloc_temp(struct vkr_cs_decoder *dec, size_t size)
/* align to 64-bit after we know size is at most /* align to 64-bit after we know size is at most
* VKR_CS_DECODER_TEMP_POOL_MAX_SIZE and cannot overflow * VKR_CS_DECODER_TEMP_POOL_MAX_SIZE and cannot overflow
*/ */
size = (size + 7) & ~7; size = align64(size, 8);
assert(size <= (size_t)(pool->end - pool->cur)); assert(size <= (size_t)(pool->end - pool->cur));
void *ptr = pool->cur; void *ptr = pool->cur;

Write Preview
Loading…
Cancel
Save