diff --git a/src/vrend_decode.c b/src/vrend_decode.c index ff15f35..e36e1f6 100644 --- a/src/vrend_decode.c +++ b/src/vrend_decode.c @@ -172,7 +172,7 @@ static int vrend_decode_set_viewport_state(struct vrend_decode_ctx *ctx, int len { struct pipe_viewport_state vps[PIPE_MAX_VIEWPORTS]; int i, v; - int num_viewports, start_slot; + uint32_t num_viewports, start_slot; if (length < 1) return EINVAL; diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c index c8e5b60..2e380a9 100644 --- a/src/vrend_renderer.c +++ b/src/vrend_renderer.c @@ -1562,8 +1562,8 @@ void vrend_set_framebuffer_state(struct vrend_context *ctx, * an FBO already so don't need to invert rendering? */ void vrend_set_viewport_states(struct vrend_context *ctx, - int start_slot, - int num_viewports, + uint32_t start_slot, + uint32_t num_viewports, const struct pipe_viewport_state *state) { /* convert back to glViewport */ @@ -1574,6 +1574,12 @@ void vrend_set_viewport_states(struct vrend_context *ctx, GLfloat abs_s1 = fabsf(state->scale[1]); int i, idx; + if (num_viewports > PIPE_MAX_VIEWPORTS || + start_slot > (PIPE_MAX_VIEWPORTS - num_viewports)) { + report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER, num_viewports); + return; + } + for (i = 0; i < num_viewports; i++) { idx = start_slot + i; diff --git a/src/vrend_renderer.h b/src/vrend_renderer.h index 79fe081..78d00bd 100644 --- a/src/vrend_renderer.h +++ b/src/vrend_renderer.h @@ -210,7 +210,7 @@ int vrend_transfer_inline_write(struct vrend_context *ctx, unsigned usage); void vrend_set_viewport_states(struct vrend_context *ctx, - int start_slot, int num_viewports, + uint32_t start_slot, uint32_t num_viewports, const struct pipe_viewport_state *state); void vrend_set_num_sampler_views(struct vrend_context *ctx, uint32_t shader_type,