decode: check set_sampler_views args

Fix found thanks to american fuzzy lop.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
macos/master
Marc-André Lureau 9 years ago committed by Dave Airlie
parent 9be86b89fb
commit 3c0a03de89
  1. 8
      src/vrend_decode.c

@ -275,6 +275,14 @@ static int vrend_decode_set_sampler_views(struct vrend_decode_ctx *ctx, uint16_t
num_samps = length - 2; num_samps = length - 2;
shader_type = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_SHADER_TYPE); shader_type = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_SHADER_TYPE);
start_slot = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_START_SLOT); start_slot = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_START_SLOT);
if (shader_type >= PIPE_SHADER_TYPES)
return EINVAL;
if (num_samps > PIPE_MAX_SHADER_SAMPLER_VIEWS ||
start_slot > (PIPE_MAX_SHADER_SAMPLER_VIEWS - num_samps))
return EINVAL;
for (i = 0; i < num_samps; i++) { for (i = 0; i < num_samps; i++) {
uint32_t handle = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_V0_HANDLE + i); uint32_t handle = get_buf_entry(ctx, VIRGL_SET_SAMPLER_VIEWS_V0_HANDLE + i);
vrend_set_single_sampler_view(ctx->grctx, shader_type, i + start_slot, handle); vrend_set_single_sampler_view(ctx->grctx, shader_type, i + start_slot, handle);
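Review bot: The new range check on `start_slot` is written as a subtraction with nothing to say why, so it is easy to later "simplify" it to `start_slot + num_samps > PIPE_MAX_SHADER_SAMPLER_VIEWS`, which can wrap for large values read from the command buffer. The order of the two clauses also matters: `num_samps > PIPE_MAX_SHADER_SAMPLER_VIEWS` must be tested first so that the subtraction cannot go below zero. I would add a comment above the check, for example `/* values come from the command buffer: compare by subtraction so start_slot + num_samps cannot wrap; num_samps is tested first so the subtraction cannot underflow */`. The declarations of `num_samps` and `start_slot`, and any guard on `length` before `length - 2`, lie outside the hunk, so it is worth confirming that `length < 2` is rejected earlier in the function.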
