[Mesa-dev] [PATCH v2 7/8] mesa: errors: validate the length of null terminated string
Emil Velikov
emil.l.velikov at gmail.com
Wed Nov 25 16:36:16 PST 2015
We're about to rework the meaning of gl_debug_message::length to store
the user-provided data. Thus we should add an explicit validation for
null-terminated strings.
Signed-off-by: Emil Velikov <emil.l.velikov at gmail.com>
---
src/mesa/main/errors.c | 20 +++++++++++++++++---
1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/mesa/main/errors.c b/src/mesa/main/errors.c
index 39e5642..79149a9 100644
--- a/src/mesa/main/errors.c
+++ b/src/mesa/main/errors.c
@@ -960,8 +960,22 @@ error:
static GLboolean
-validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length)
+validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length,
+ const GLchar *buf)
{
+
+ if (length < 0) {
+ GLsizei len = strlen(buf);
+
+ if (len >= MAX_DEBUG_MESSAGE_LENGTH) {
+ _mesa_error(ctx, GL_INVALID_VALUE,
+ "%s(null terminated string length=%d, is not less than "
+ "GL_MAX_DEBUG_MESSAGE_LENGTH=%d)", callerstr, len,
+ MAX_DEBUG_MESSAGE_LENGTH);
+ return GL_FALSE;
+ }
+ }
+
if (length >= MAX_DEBUG_MESSAGE_LENGTH) {
_mesa_error(ctx, GL_INVALID_VALUE,
"%s(length=%d, which is not less than "
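Review bot: `GLsizei len = strlen(buf);` narrows a `size_t` into a signed int, so a string longer than INT_MAX can come out negative or small and slip past `len >= MAX_DEBUG_MESSAGE_LENGTH`. Keep the value unsigned for the comparison, e.g. `size_t len = strlen(buf);`, and cast only when passing it to the `%d` in the error message. The branch also calls strlen() with no visible NULL check on `buf`; if the callers do not guarantee a non-NULL pointer when `length < 0`, that precondition should be guarded or stated in a comment above the function. validate_length's body continues past the end of this hunk.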
@@ -992,7 +1006,7 @@ _mesa_DebugMessageInsert(GLenum source, GLenum type, GLuint id,
if (length < 0)
length = strlen(buf);
- if (!validate_length(ctx, callerstr, length))
+ if (!validate_length(ctx, callerstr, length, buf))
return; /* GL_INVALID_VALUE */
log_msg(ctx, gl_enum_to_debug_source(source),
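Review bot: The new `length < 0` branch in validate_length is not reachable from this call site, because `length = strlen(buf);` on the two lines before the call has already replaced a negative length; the _mesa_PushDebugGroup hunk below has the same shape with `message`. Presumably a later patch in the series removes that normalization, but as posted the added check is not exercised here, so a marker such as `/* TODO: drop once validate_length() handles the null terminated case */` on the `if (length < 0)` line would make the intent clear. That assignment also stores a `size_t` in a `GLsizei`, so the truncation concern exists at the caller as well. The function starts and ends outside the hunk.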
@@ -1161,7 +1175,7 @@ _mesa_PushDebugGroup(GLenum source, GLuint id, GLsizei length,
if (length < 0)
length = strlen(message);
- if (!validate_length(ctx, callerstr, length))
+ if (!validate_length(ctx, callerstr, length, message))
return; /* GL_INVALID_VALUE */
debug = _mesa_lock_debug_state(ctx);
--
2.6.2