[Mesa-dev] [PATCH] mesa: Check for valid debug label before memcpy.
Vinson Lee
vlee at freedesktop.org
Fri Sep 13 19:19:58 PDT 2013
Fixes "Dereference after null check" reported by Coverity.
Signed-off-by: Vinson Lee <vlee at freedesktop.org>
---
src/mesa/main/objectlabel.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/mesa/main/objectlabel.c b/src/mesa/main/objectlabel.c
index 90d9e09..79fd8c7 100644
--- a/src/mesa/main/objectlabel.c
+++ b/src/mesa/main/objectlabel.c
@@ -90,16 +90,28 @@ set_label(struct gl_context *ctx, char **labelPtr, const char *label,
static void
copy_label(char **labelPtr, char *label, int *length, int bufSize)
{
+ /* From http://www.opengl.org/registry/specs/KHR/debug.txt:
+ * "If <length> is NULL, no length is returned. The maximum number of
+ * characters that may be written into <label>, including the null
+ * terminator, is specified by <bufSize>. If no debug label was specified
+ * for the object then <label> will contain a null-terminated empty string,
+ * and zero will be returned in <length>. If <label> is NULL and <length>
+ * is non-NULL then no string will be returned and the length of the label
+ * will be returned in <length>."
+ */
+
int labelLen = 0;
if (*labelPtr)
labelLen = strlen(*labelPtr);
if (label) {
- if (bufSize <= labelLen)
- labelLen = bufSize-1;
+ if (*labelPtr) {
+ if (bufSize <= labelLen)
+ labelLen = bufSize-1;
- memcpy(label, *labelPtr, labelLen);
+ memcpy(label, *labelPtr, labelLen);
+ }
label[labelLen] = '\0';
}
--
1.8.1.2
More information about the mesa-dev
mailing list