From a5bfadaab5cb18997128fee5d7b6d5f40c3c41ec Mon Sep 17 00:00:00 2001
From: Po-Hsien Wang
Date: Mon, 13 Aug 2018 23:57:18 -0700
Subject: [PATCH] vrend_renderer: Check the shader terminator

Before calling tgsi_text_translate, check the last 4 bytes of shader contains the terminating character.
TEST=WebGLAquarium
[airlied: unfortunately some mesa userspace sends a packet with 0 shader in it, this should be illegal but we can't go trapping it now. just include the check for termination]
Reviewed-by: Dave Airlie
---
 src/vrend_renderer.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index d31588c..b56acd5 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -3024,6 +3024,13 @@ int vrend_create_shader(struct vrend_context *ctx,
 if (finished) {
 struct tgsi_token *tokens;
 
+ /* check for null termination */
+ int last_chunk_offset = sel->buf_offset ? sel->buf_offset : pkt_length * 4;
+ if (!memchr(shd_text + last_chunk_offset - 4, '\0', 4)) {
+ ret = EINVAL;
+ goto error;
+ }
+
 tokens = calloc(num_tokens + 10, sizeof(struct tgsi_token));
 if (!tokens) {
 ret = ENOMEM;
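Review bot: `shd_text + last_chunk_offset - 4` points before the start of the shader text whenever `last_chunk_offset` is smaller than 4, so the added `memchr` inspects four bytes that are not part of the shader. The commit message itself says some senders submit a packet with 0 shader in it, which makes `pkt_length * 4` zero when `sel->buf_offset` is also zero, so this case is reachable with sender-controlled lengths. The short case should be handled explicitly before the pointer arithmetic, for example `if (last_chunk_offset < 4 || !memchr(shd_text + last_chunk_offset - 4, '\0', 4)) {`. If empty shaders must keep being accepted for compatibility, as the airlied note suggests, give that case its own branch that never reaches `tgsi_text_translate` with unverified text. The declarations of `pkt_length` and `sel->buf_offset` are outside the hunk. If they are unsigned, `last_chunk_offset` should match their type instead of `int`, so a large length cannot turn negative.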