|
|
@ -711,6 +711,253 @@ static void test_cs_nullpointer_deference() |
|
|
|
virgl_renderer_submit_cmd((void *) cmd, ctx_id, 9); |
|
|
|
virgl_renderer_submit_cmd((void *) cmd, ctx_id, 9); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void test_vrend_set_signle_abo_heap_overflow() { |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
struct virgl_renderer_resource_create_args args; |
|
|
|
|
|
|
|
args.handle = 0x4c474572; |
|
|
|
|
|
|
|
args.target = 0; |
|
|
|
|
|
|
|
args.format = 0x43; |
|
|
|
|
|
|
|
args.bind = 0x80000; |
|
|
|
|
|
|
|
args.width = 0x5f5f616d; |
|
|
|
|
|
|
|
args.height = 0x69667562; |
|
|
|
|
|
|
|
args.depth = 0x726f706d; |
|
|
|
|
|
|
|
args.array_size = 0xbbbbbb74; |
|
|
|
|
|
|
|
args.last_level = 0xbbbbbbbb; |
|
|
|
|
|
|
|
args.nr_samples = 0xbbbbbbbb; |
|
|
|
|
|
|
|
args.flags = 0xff; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
virgl_renderer_resource_create(&args, NULL, 0); |
|
|
|
|
|
|
|
virgl_renderer_ctx_attach_resource(ctx_id, args.handle); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
uint32_t cmd[0xde]; |
|
|
|
|
|
|
|
int i = 0; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
cmd[i++] = 0x000e1919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00003f00; |
|
|
|
|
|
|
|
cmd[i++] = 0xc7cf3000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00083907; |
|
|
|
|
|
|
|
cmd[i++] = 0x6e73735f; |
|
|
|
|
|
|
|
cmd[i++] = 0x32323232; |
|
|
|
|
|
|
|
cmd[i++] = 0x19312161; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbe1959; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbff; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbb29; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x000e1928; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x4111d000; |
|
|
|
|
|
|
|
cmd[i++] = 0xfe010000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000172; |
|
|
|
|
|
|
|
cmd[i++] = 0x32323200; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6cedea2; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6e6e6e6; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbe1959; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbff; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x000e1919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xc7cfa400; |
|
|
|
|
|
|
|
cmd[i++] = 0x00083907; |
|
|
|
|
|
|
|
cmd[i++] = 0x6e73735f; |
|
|
|
|
|
|
|
cmd[i++] = 0x32323232; |
|
|
|
|
|
|
|
cmd[i++] = 0x19312161; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000159; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbb00; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x006e1928; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbeee3000; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6e6ffff; |
|
|
|
|
|
|
|
cmd[i++] = 0x19e6e6e6; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x59191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffffbe19; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x19000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000e19; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x07c7cfa4; |
|
|
|
|
|
|
|
cmd[i++] = 0x5f000839; |
|
|
|
|
|
|
|
cmd[i++] = 0x326e7373; |
|
|
|
|
|
|
|
cmd[i++] = 0x00390732; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x4111d000; |
|
|
|
|
|
|
|
cmd[i++] = 0xfe010000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000172; |
|
|
|
|
|
|
|
cmd[i++] = 0x32323200; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6cedea2; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6e6e6e6; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbe1959; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbff; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x000e1919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xc7cfa400; |
|
|
|
|
|
|
|
cmd[i++] = 0x00083907; |
|
|
|
|
|
|
|
cmd[i++] = 0x6e73735f; |
|
|
|
|
|
|
|
cmd[i++] = 0x32323232; |
|
|
|
|
|
|
|
cmd[i++] = 0x19312161; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000159; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbb00; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x002e1928; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbeee3000; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6e6ffff; |
|
|
|
|
|
|
|
cmd[i++] = 0x19e6e6e6; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x59191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffffbe19; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x19000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000a19; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x07c7cfa4; |
|
|
|
|
|
|
|
cmd[i++] = 0x5f000839; |
|
|
|
|
|
|
|
cmd[i++] = 0x326e7373; |
|
|
|
|
|
|
|
cmd[i++] = 0x08390732; |
|
|
|
|
|
|
|
cmd[i++] = 0x73735f00; |
|
|
|
|
|
|
|
cmd[i++] = 0x3232326e; |
|
|
|
|
|
|
|
cmd[i++] = 0x31216132; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00015919; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbb0000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x00bbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbb0000; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x002e1928; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x08ee3000; |
|
|
|
|
|
|
|
cmd[i++] = 0x73735f00; |
|
|
|
|
|
|
|
cmd[i++] = 0x3232326e; |
|
|
|
|
|
|
|
cmd[i++] = 0x31216132; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00015919; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbb0000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x00bbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbb0000; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x002e1928; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbeee3000; |
|
|
|
|
|
|
|
cmd[i++] = 0xe6e6ffff; |
|
|
|
|
|
|
|
cmd[i++] = 0x19e6e6e6; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x59191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xffffbe19; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x19000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x61323219; |
|
|
|
|
|
|
|
cmd[i++] = 0x19193121; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0x19191919; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbb19; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x28000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00002e19; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xffbeee30; |
|
|
|
|
|
|
|
cmd[i++] = 0x00cffeff; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00006161; |
|
|
|
|
|
|
|
cmd[i++] = 0x315d3100; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbb000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xbbbbbbbb; |
|
|
|
|
|
|
|
cmd[i++] = 0x000000ff; |
|
|
|
|
|
|
|
cmd[i++] = 0x000e1919; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0xc7cfa400; |
|
|
|
|
|
|
|
cmd[i++] = 0x7865745f; |
|
|
|
|
|
|
|
cmd[i++] = 0x00000000; |
|
|
|
|
|
|
|
cmd[i++] = 0x65727574; |
|
|
|
|
|
|
|
cmd[i++] = 0x0b87765f; |
|
|
|
|
|
|
|
cmd[i++] = 0x40000137; |
|
|
|
|
|
|
|
cmd[i++] = 0x00004000; |
|
|
|
|
|
|
|
cmd[i++] = 0x00340034; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
int main() |
|
|
|
int main() |
|
|
|
{ |
|
|
|
{ |
|
|
|
initialize_environment(); |
|
|
|
initialize_environment(); |
|
|
@ -731,6 +978,8 @@ int main() |
|
|
|
test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex(); |
|
|
|
test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex(); |
|
|
|
|
|
|
|
|
|
|
|
test_cs_nullpointer_deference(); |
|
|
|
test_cs_nullpointer_deference(); |
|
|
|
|
|
|
|
test_vrend_set_signle_abo_heap_overflow(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
virgl_renderer_context_destroy(ctx_id); |
|
|
|
virgl_renderer_context_destroy(ctx_id); |
|
|
|
virgl_renderer_cleanup(&cookie); |
|
|
|
virgl_renderer_cleanup(&cookie); |
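Review bot: In the first hunk, the new `test_vrend_set_signle_abo_heap_overflow()` discards the results of `virgl_renderer_resource_create(&args, NULL, 0)` and `virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde)`. The case can therefore only fail by crashing or under a sanitizer, and it still submits the stream if the resource with these oversized dimensions was never created. Capture both results, e.g. `int ret = virgl_renderer_submit_cmd((void *) cmd, ctx_id, 0xde);`, and assert the outcome the fixed renderer should give (presumably a rejected stream, to be confirmed against the fix). The 0xde-dword `cmd[]` array has no comment; a short header above the function naming the issue or fix commit it covers, and which command in the stream is the malformed one, would let a maintainer keep the test meaningful when the protocol changes. `signle` in the function name and in its call in `main()` (second hunk) looks like a typo for `single`.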
|
|
|