[Mesa-dev] [PATCH] glsl: fix bounds check in blob_overwrite_bytes
Iago Toral
itoral at igalia.com
Thu Jun 1 13:55:15 UTC 2017
Reviewed-by: Iago Toral Quiroga <itoral at igalia.com>
On Wed, 2017-05-31 at 19:14 -0500, Rob Herring wrote:
> clang gives a warning in blob_overwrite_bytes because offset type is
> size_t which is unsigned:
>
> src/compiler/glsl/blob.c:110:15: warning: comparison of unsigned
> expression < 0 is always false [-Wtautological-compare]
> if (offset < 0 || blob->size - offset < to_write)
> ~~~~~~ ^ ~
>
> Remove the less than 0 check to fix this.
>
> Additionally, if offset is greater than blob->size, the 2nd check
> would
> be false due to unsigned math. Rewrite the check to avoid
> subtraction.
>
> Signed-off-by: Rob Herring <robh at kernel.org>
> ---
> src/compiler/glsl/blob.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/compiler/glsl/blob.c b/src/compiler/glsl/blob.c
> index 769ebf1a0232..db3625206508 100644
> --- a/src/compiler/glsl/blob.c
> +++ b/src/compiler/glsl/blob.c
> @@ -107,7 +107,7 @@ blob_overwrite_bytes(struct blob *blob,
> size_t to_write)
> {
> /* Detect an attempt to overwrite data out of bounds. */
> - if (offset < 0 || blob->size - offset < to_write)
> + if (blob->size < offset + to_write)
> return false;
>
> memcpy(blob->data + offset, bytes, to_write);
More information about the mesa-dev
mailing list