From e00dea22c872252f9ad0337aeede803c2fe02697 Mon Sep 17 00:00:00 2001 From: Po-Hsien Wang Date: Fri, 15 Mar 2019 19:49:08 -0700 Subject: [PATCH] decode: check args for decode functions. Check args of the following function: - vrend_decode_set_vertex_buffers - vrend_decode_set_shader_buffers - vrend_decode_set_atomic_buffers - vrend_decode_set_shader_images And change variable type to uint as the protocol should never send negative number. Reviewed-by: Dave Airlie Signed-off-by: Dave Airlie --- src/vrend_decode.c | 9 ++++++--- src/vrend_renderer.c | 10 +++++----- src/vrend_renderer.h | 10 +++++----- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/src/vrend_decode.c b/src/vrend_decode.c index 231cd9a..9f30b6b 100644 --- a/src/vrend_decode.c +++ b/src/vrend_decode.c @@ -1157,7 +1157,8 @@ static int vrend_decode_set_shader_buffers(struct vrend_decode_ctx *ctx, uint16_ if (num_ssbo < 1) return 0; - if (start_slot + num_ssbo > PIPE_MAX_SHADER_BUFFERS) + if (start_slot > PIPE_MAX_SHADER_BUFFERS || + start_slot > PIPE_MAX_SHADER_BUFFERS - num_ssbo) return EINVAL; for (int i = 0; i < num_ssbo; i++) { @@ -1183,7 +1184,8 @@ static int vrend_decode_set_atomic_buffers(struct vrend_decode_ctx *ctx, uint16_ if (num_abo < 1) return 0; - if (start_slot + num_abo > PIPE_MAX_HW_ATOMIC_BUFFERS) + if (start_slot > PIPE_MAX_HW_ATOMIC_BUFFERS || + start_slot > PIPE_MAX_HW_ATOMIC_BUFFERS - num_abo) return EINVAL; for (int i = 0; i < num_abo; i++) { @@ -1212,7 +1214,8 @@ static int vrend_decode_set_shader_images(struct vrend_decode_ctx *ctx, uint16_t if (num_images < 1) { return 0; } - if (start_slot + num_images > PIPE_MAX_SHADER_IMAGES) + if (start_slot > PIPE_SHADER_TYPES || + start_slot > PIPE_MAX_SHADER_IMAGES - num_images) return EINVAL; for (int i = 0; i < num_images; i++) { diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c index a38e96c..074ef87 100644 --- a/src/vrend_renderer.c +++ b/src/vrend_renderer.c @@ -2529,7 +2529,7 @@ void vrend_set_index_buffer(struct vrend_context *ctx, } void vrend_set_single_vbo(struct vrend_context *ctx, - int index, + uint32_t index, uint32_t stride, uint32_t buffer_offset, uint32_t res_handle) @@ -2690,7 +2690,7 @@ void vrend_set_single_sampler_view(struct vrend_context *ctx, void vrend_set_num_sampler_views(struct vrend_context *ctx, uint32_t shader_type, uint32_t start_slot, - int num_sampler_views) + uint32_t num_sampler_views) { int last_slot = start_slot + num_sampler_views; int i; @@ -2703,7 +2703,7 @@ void vrend_set_num_sampler_views(struct vrend_context *ctx, void vrend_set_single_image_view(struct vrend_context *ctx, uint32_t shader_type, - int index, + uint32_t index, uint32_t format, uint32_t access, uint32_t layer_offset, uint32_t level_size, uint32_t handle) @@ -2735,7 +2735,7 @@ void vrend_set_single_image_view(struct vrend_context *ctx, void vrend_set_single_ssbo(struct vrend_context *ctx, uint32_t shader_type, - int index, + uint32_t index, uint32_t offset, uint32_t length, uint32_t handle) { @@ -2764,7 +2764,7 @@ void vrend_set_single_ssbo(struct vrend_context *ctx, } void vrend_set_single_abo(struct vrend_context *ctx, - int index, + uint32_t index, uint32_t offset, uint32_t length, uint32_t handle) { diff --git a/src/vrend_renderer.h b/src/vrend_renderer.h index 7708bed..7083d1f 100644 --- a/src/vrend_renderer.h +++ b/src/vrend_renderer.h @@ -200,7 +200,7 @@ void vrend_bind_vertex_elements_state(struct vrend_context *ctx, uint32_t handle); void vrend_set_single_vbo(struct vrend_context *ctx, - int index, + uint32_t index, uint32_t stride, uint32_t buffer_offset, uint32_t res_handle); @@ -217,7 +217,7 @@ void vrend_set_viewport_states(struct vrend_context *ctx, void vrend_set_num_sampler_views(struct vrend_context *ctx, uint32_t shader_type, uint32_t start_slot, - int num_sampler_views); + uint32_t num_sampler_views); void vrend_set_single_sampler_view(struct vrend_context *ctx, uint32_t shader_type, uint32_t index, @@ -241,17 +241,17 @@ void vrend_set_index_buffer(struct vrend_context *ctx, uint32_t offset); void vrend_set_single_image_view(struct vrend_context *ctx, uint32_t shader_type, - int index, + uint32_t index, uint32_t format, uint32_t access, uint32_t layer_offset, uint32_t level_size, uint32_t handle); void vrend_set_single_ssbo(struct vrend_context *ctx, uint32_t shader_type, - int index, + uint32_t index, uint32_t offset, uint32_t length, uint32_t handle); void vrend_set_single_abo(struct vrend_context *ctx, - int index, + uint32_t index, uint32_t offset, uint32_t length, uint32_t handle); void vrend_memory_barrier(struct vrend_context *ctx,