From ca38be7a2dad63e42e1fb4fbdcb986a1cd0d26d2 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Wed, 4 Feb 2015 15:44:30 +1000 Subject: [PATCH] renderer: check transfer read/write args better. This confirms the transfer read/write args are non-NULL --- src/vrend_renderer.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c index f2185f5..2e7b2f1 100644 --- a/src/vrend_renderer.c +++ b/src/vrend_renderer.c @@ -3653,10 +3653,17 @@ void vrend_renderer_transfer_write_iov(uint32_t res_handle, unsigned int num_iovs) { struct vrend_resource *res; - + struct vrend_context *ctx = vrend_lookup_renderer_ctx(ctx_id); void *data; - res = vrend_resource_lookup(res_handle, ctx_id); + if (!ctx) + return; + + if (ctx_id == 0) + res = vrend_resource_lookup(res_handle, ctx_id); + else + res = vrend_renderer_ctx_res_lookup(ctx, res_handle); + if (res == NULL) { struct vrend_context *ctx = vrend_lookup_renderer_ctx(ctx_id); report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_RESOURCE, res_handle); @@ -3668,6 +3675,9 @@ void vrend_renderer_transfer_write_iov(uint32_t res_handle, num_iovs = res->num_iovs; } + if (!box) + return; + if (!iov) { struct vrend_context *ctx = vrend_lookup_renderer_ctx(ctx_id); report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_RESOURCE, res_handle); @@ -4096,12 +4106,21 @@ void vrend_renderer_transfer_send_iov(uint32_t res_handle, uint32_t ctx_id, struct vrend_resource *res; struct vrend_context *ctx = vrend_lookup_renderer_ctx(ctx_id); - res = vrend_resource_lookup(res_handle, ctx_id); + if (!ctx) + return; + + if (ctx_id == 0) + res = vrend_resource_lookup(res_handle, ctx_id); + else + res = vrend_renderer_ctx_res_lookup(ctx, res_handle); if (!res) { report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_RESOURCE, res_handle); return; } + if (!box) + return; + if (res->iov && (!iov || num_iovs == 0)) { iov = res->iov; num_iovs = res->num_iovs;