[Mesa-dev] [PATCH 66/68] glsl: avoid buffer overflow in cache sha creation
Timothy Arceri
timothy.arceri at collabora.com
Wed Jun 1 06:23:47 UTC 2016
A program may contain multiple shaders from each stage so use
ralloc to avoid buffer overflow.
---
src/compiler/glsl/shader_cache.cpp | 19 +++++++++----------
1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/src/compiler/glsl/shader_cache.cpp b/src/compiler/glsl/shader_cache.cpp
index b621efd..dce8543 100644
--- a/src/compiler/glsl/shader_cache.cpp
+++ b/src/compiler/glsl/shader_cache.cpp
@@ -1073,9 +1073,8 @@ shader_cache_read_program_metadata(struct gl_context *ctx,
struct gl_shader_program *prog)
{
const char *stage_name[] = { "vs", "tcs", "tes", "gs", "fs", "cs" };
- char buf[256], sha1buf[41];
+ char *buf, sha1buf[41];
unsigned char sha1[20];
- int offset = 0;
uint8_t *buffer;
struct program_cache *cache;
size_t size;
@@ -1109,21 +1108,21 @@ shader_cache_read_program_metadata(struct gl_context *ctx,
_mesa_sha1_compute(bindings_str, strlen(bindings_str), sha1);
ralloc_free(bindings_str);
- offset += snprintf(buf + offset, sizeof(buf) - offset,
- "bindings: %s\n",
- _mesa_sha1_format(sha1buf, sha1));
+ buf = ralloc_strdup(NULL, "bindings: ");
+ ralloc_asprintf_append(&buf, "%s\n", _mesa_sha1_format(sha1buf, sha1));
for (unsigned i = 0; i < prog->NumShaders; i++) {
if (prog->Shaders[i]->Source == NULL)
return false;
- offset += snprintf(buf + offset, sizeof(buf) - offset,
- "%s: %s\n",
- stage_name[prog->Shaders[i]->Stage],
- _mesa_sha1_format(sha1buf, prog->Shaders[i]->sha1));
+ ralloc_asprintf_append(&buf, "%s: %s\n",
+ stage_name[prog->Shaders[i]->Stage],
+ _mesa_sha1_format(sha1buf,
+ prog->Shaders[i]->sha1));
}
+ _mesa_sha1_compute(buf, strlen(buf), prog->sha1);
+ ralloc_free(buf);
- _mesa_sha1_compute(buf, offset, prog->sha1);
buffer = (uint8_t *) cache_get(cache, prog->sha1, &size);
if (buffer == NULL) {
/* Cached program not found. Fall back to linking shaders but first
--
2.5.5
More information about the mesa-dev
mailing list