[Mesa-dev] [PATCH] glapi/glx: Add overflow checks to the client-side indirect code

Matt Turner mattst88 at gmail.com
Tue May 31 18:47:51 UTC 2016


On Tue, May 24, 2016 at 12:45 PM, Adam Jackson <ajax at redhat.com> wrote:
> Coverity complains that the computed sizes can lead to negative lengths
> passed to memcpy. If that happens we've been handed invalid arguments
> anyway, so just bomb out.
>
> The funky "0%s" is because the size string for the variable-length part
> of the request is of the form "+ safe_pad() ...", and a unary + would
> coerce the result to always be positive, defeating the overflow check.
>
> Signed-off-by: Adam Jackson <ajax at redhat.com>

Sorry for the delay, & thanks for the patch.

Reviewed-by: Matt Turner <mattst88 at gmail.com>


More information about the mesa-dev mailing list