[Mesa-dev] [PATCH 1/5] include/GL: add mesa_glinterop.h for OpenGL-OpenCL interop (v3)

Michel Dänzer michel at daenzer.net
Wed Mar 9 03:27:12 UTC 2016


On 09.03.2016 07:29, Marek Olšák wrote:
> On Tue, Mar 8, 2016 at 4:39 PM, Marek Olšák <maraeo at gmail.com> wrote:
>> On Sat, Mar 5, 2016 at 9:53 AM, Michel Dänzer <michel at daenzer.net> wrote:
>>> On 04.03.2016 04:46, Marek Olšák wrote:
>>>>
>>>> +/**
>>>> + * Device information returned by Mesa.
>>>> + */
>>>> +typedef struct _mesa_glinterop_device_info {
>>>> +   uint32_t size; /* size of this structure */
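
Review bot: the comment on `size` in `_mesa_glinterop_device_info` says only "size of this structure" and does not say which side sets it. If callers are expected to fill it in before passing the struct as an out parameter, state that in the comment, along with what the callee does when the value is smaller than its own struct, since nothing in the declaration tells a caller that the field is an input.
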
>>>
>>> Callees determine how much data they can write by looking at these size
>>> members of the *out parameters. That's pretty error-prone: If the
>>> callers just pass in a pointer they received from malloc, forgetting to
>>> initialize the size member, it'll have a random value, which is quite
>>> likely larger than the actual size and what the callee expects as a
>>> minimum, in which case the callee will write past the end of the
>>> allocated memory => memory corruption, if not a security issue.
> 
> Wait. I wouldn't like to optimize for incorrect API usage.

Of course not, just trying to make sure it won't result in a worse
failure mode than necessary.

> Setting "out=rand()" is likely to have fun behavior too. What then?

That's not really the same thing, so it's kind of a strawman argument.


>>> If you still don't want to go for a version based scheme instead, I'd
>>> suggest passing in the size as an explicit function parameter. (Or at
>>> the very least, it needs to be documented very prominently that callers
>>> must initialize out->size before calling in; but we know no matter how
>>> well that is documented, it'll probably be ignored anyway sooner or
>>> later...)
>>
>> Version based it is then.
> 
> Actually, I don't see how the version number would make it any better
> for the structures, but returning the version number by
> QueryDeviceInfo would be useful for the caller to know what to expect
> if Mesa version < caller version. The sizes are still useful if Mesa
> version > caller version.

If the sizes of the out structs are only written by callers and only
read by callees, removing the sizes from the structs and passing them in
as separate function parameters instead would be much less ugly and
error prone.


-- 
Earthling Michel Dänzer               |               http://www.amd.com
Libre software enthusiast             |             Mesa and X developer
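
The explicit-size alternative suggested in this message, contrasted with the embedded size member, as an added example that is not part of the original e-mail or of Mesa's code. The struct layouts, field names and function names are hypothetical, and the values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts, not Mesa's: v1 is what an old caller was built
 * against, v2 is what a newer callee knows about. */
struct info_v1 { uint32_t size; uint32_t vendor_id; };
struct info_v2 { uint32_t size; uint32_t vendor_id; uint32_t device_id; };
/* Old caller's allocation with a canary directly behind it. */
struct guarded { struct info_v1 info; uint32_t canary; };
static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/* Embedded-size scheme: the callee trusts out->size. Returns how many bytes
 * it would write; nothing is written, so the demo itself stays in bounds. */
size_t embedded_write_len(const void *out) {
   uint32_t claimed;
   memcpy(&claimed, out, sizeof(claimed)); /* whatever the caller left there */
   return min_sz(claimed, sizeof(struct info_v2));
}

/* Explicit-size scheme: the length comes from the call site, normally
 * sizeof(*out), so stale heap contents cannot inflate it. */
size_t query_explicit(void *out, size_t out_size) {
   struct info_v2 full = { 0, 0x1111, 0x2222 }; /* constructed; size unused */
   size_t n = min_sz(out_size, sizeof(full));
   memcpy(out, &full, n);
   return n;
}

/* Bytes the embedded scheme would write past a v1 struct whose size member
 * was never set (the 0xA5 fill stands in for fresh malloc memory). */
size_t demo_embedded_overrun(void) {
   struct guarded g;
   memset(&g, 0xA5, sizeof(g));
   return embedded_write_len(&g.info) - sizeof(g.info);
}

/* Returns 1 if the explicit scheme filled the v1 part and left the canary. */
int demo_explicit_in_bounds(void) {
   struct guarded g;
   memset(&g, 0xA5, sizeof(g));
   size_t n = query_explicit(&g.info, sizeof(g.info));
   return n == sizeof(g.info) && g.info.vendor_id == 0x1111 && g.canary == 0xA5A5A5A5u;
}

int main(void) {
   printf("overrun=%zu in_bounds=%d\n", demo_embedded_overrun(), demo_explicit_in_bounds());
   return 0;
}
```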

