third_party
/
virglrenderer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

renderer: validate num_so_outputs

Browse Source 
Avoid out-of-bound acces of array so_info.output.

Fix found thanks to american fuzzy lop.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
macos/master
Marc-André Lureau 9 years ago committed by Dave Airlie
parent 3767dbf18c
commit 9033b26976
1 changed files with 3 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      src/vrend_decode.c

3
src/vrend_decode.c
Unescape View File

@ -80,6 +80,9 @@ static int vrend_decode_create_shader(struct vrend_decode_ctx *ctx,
offlen = get_buf_entry(ctx, VIRGL_OBJ_SHADER_OFFSET); offlen = get_buf_entry(ctx, VIRGL_OBJ_SHADER_OFFSET);
num_so_outputs = get_buf_entry(ctx, VIRGL_OBJ_SHADER_SO_NUM_OUTPUTS); num_so_outputs = get_buf_entry(ctx, VIRGL_OBJ_SHADER_SO_NUM_OUTPUTS);
if (num_so_outputs > PIPE_MAX_SO_OUTPUTS)
return EINVAL;
shader_offset = 6; shader_offset = 6;
if (num_so_outputs) { if (num_so_outputs) {
so_info.num_outputs = num_so_outputs; so_info.num_outputs = num_so_outputs;

Write Preview
Loading…
Cancel
Save