[Mesa-dev] [PATCH 1/5] include/GL: add mesa_glinterop.h for OpenGL-OpenCL interop (v3)
Marek Olšák
maraeo at gmail.com
Tue Mar 8 22:29:44 UTC 2016
On Tue, Mar 8, 2016 at 4:39 PM, Marek Olšák <maraeo at gmail.com> wrote:
> On Sat, Mar 5, 2016 at 9:53 AM, Michel Dänzer <michel at daenzer.net> wrote:
>> On 04.03.2016 04:46, Marek Olšák wrote:
>>>
>>> +/**
>>> + * Device information returned by Mesa.
>>> + */
>>> +typedef struct _mesa_glinterop_device_info {
>>> + uint32_t size; /* size of this structure */
>>
>> Callees determine how much data they can write by looking at these size
>> members of the *out parameters. That's pretty error-prone: If the
>> callers just pass in a pointer they received from malloc, forgetting to
>> initialize the size member, it'll have a random value, which is quite
>> likely larger than the actual size and what the callee expects as a
>> minimum, in which case the callee will write past the end of the
>> allocated memory => memory corruption, if not a security issue.
Wait. I wouldn't like to optimize for incorrect API usage. Setting
"out=rand()" is likely to have fun behavior too. What then? This is a
battle we can't win.
>>
>> If you still don't want to go for a version based scheme instead, I'd
>> suggest passing in the size as an explicit function parameter. (Or at
>> the very least, it needs to be documented very prominently that callers
>> must initialize out->size before calling in; but we know no matter how
>> well that is documented, it'll probably be ignored anyway sooner or
>> later...)
>
> Version based it is then.
Actually, I don't see how the version number would make it any better
for the structures, but returning the version number by
QueryDeviceInfo would be useful for the caller to know what to expect
if Mesa version < caller version. The sizes are still useful if Mesa
version > caller version.
Marek
More information about the mesa-dev
mailing list