From 78f8994a63b4bfa68eeb5f7e9b9c6ec920ffc2e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
Date: Wed, 20 Jan 2016 14:14:46 +0100
Subject: [PATCH] decode: check set_uniform_buffer arguments
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix found thanks to american fuzzy lop.
Signed-off-by: Marc-André Lureau
---
 src/vrend_decode.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index 19df683..7bcd50a 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -237,6 +237,13 @@ static int vrend_decode_set_uniform_buffer(struct vrend_decode_ctx *ctx, int len
 if (length != VIRGL_SET_UNIFORM_BUFFER_SIZE)
 return EINVAL;
+
+ if (shader >= PIPE_SHADER_TYPES)
+ return EINVAL;
+
+ if (index >= PIPE_MAX_CONSTANT_BUFFERS)
+ return EINVAL;
+
 vrend_set_uniform_buffer(ctx->grctx, shader, index, offset, blength, handle);
 return 0;
 }
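Review bot: The two added checks in vrend_decode_set_uniform_buffer bound `shader` and `index` from above only, so they are complete only if both variables are unsigned. Their declarations lie outside this hunk; if either is a signed `int`, a negative value decoded from the command stream would still reach `vrend_set_uniform_buffer`. `offset`, `blength` and `handle` are still forwarded unchecked, so it is worth confirming that the callee validates that range against the resource named by `handle`, since the decoder does not. A short comment above the checks would record the intent, e.g. `/* shader and index are decoded from the command stream; reject out-of-range selectors before they reach the renderer */`. The function body starts before the hunk, so the order of the buffer reads relative to the length check cannot be judged from here.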