[Mesa-dev] [PATCH] mesa: Check for valid debug label before memcpy.
Brian Paul
brianp at vmware.com
Sat Sep 14 08:45:26 PDT 2013
On 09/13/2013 08:19 PM, Vinson Lee wrote:
> Fixes "Dereference after null check" reported by Coverity.
>
> Signed-off-by: Vinson Lee <vlee at freedesktop.org>
> ---
> src/mesa/main/objectlabel.c | 18 +++++++++++++++---
> 1 file changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/src/mesa/main/objectlabel.c b/src/mesa/main/objectlabel.c
> index 90d9e09..79fd8c7 100644
> --- a/src/mesa/main/objectlabel.c
> +++ b/src/mesa/main/objectlabel.c
> @@ -90,16 +90,28 @@ set_label(struct gl_context *ctx, char **labelPtr, const char *label,
> static void
> copy_label(char **labelPtr, char *label, int *length, int bufSize)
> {
> + /* From http://www.opengl.org/registry/specs/KHR/debug.txt:
> + * "If <length> is NULL, no length is returned. The maximum number of
> + * characters that may be written into <label>, including the null
> + * terminator, is specified by <bufSize>. If no debug label was specified
> + * for the object then <label> will contain a null-terminated empty string,
> + * and zero will be returned in <length>. If <label> is NULL and <length>
> + * is non-NULL then no string will be returned and the length of the label
> + * will be returned in <length>."
> + */
> +
> int labelLen = 0;
>
> if (*labelPtr)
> labelLen = strlen(*labelPtr);
>
> if (label) {
> - if (bufSize <= labelLen)
> - labelLen = bufSize-1;
> + if (*labelPtr) {
> + if (bufSize <= labelLen)
> + labelLen = bufSize-1;
>
> - memcpy(label, *labelPtr, labelLen);
> + memcpy(label, *labelPtr, labelLen);
> + }
> label[labelLen] = '\0';
> }
>
>
I think copy_label() needs a bit of an overhaul. The source labelPtr
doesn't need to be a pointer to a pointer and it should be const
qualified. Plus the other parameter types should be fixed up. I'll
post a new patch in a bit...
-Brian
More information about the mesa-dev
mailing list