[virglrenderer-devel] [PATCH] decode: avoid creating same decode context
李强
liqiang6-s at 360.cn
Tue Jan 24 06:25:22 UTC 2017
Hello Prasad,
Thanks for your patch.
I have sent out the patches for all my issues related to virglrenderer.
Most of them have been reviewed and are just waiting for David to apply and push.
Thanks.
Thanks very much!
--
Li Qiang / Gear Team, Qihoo 360 Inc
> -----Original Message-----
> From: P J P [mailto:ppandit at redhat.com]
> Sent: Tuesday, January 24, 2017 2:20 PM
> To: virglrenderer-devel at lists.freedesktop.org
> Cc: 李强; Dave Airlie; Marc-André Lureau; P J P
> Subject: [PATCH] decode: avoid creating same decode context
>
> From: P J P <pjp at fedoraproject.org>
>
> vrend_renderer_context_create_internal routine does not check if a given
> 'handle' holds a valid decode context dec_ctx[handle].
> A guest could issue 'VIRTIO_GPU_CMD_CTX_CREATE' command with a same
> 'handle', resulting in host memory leakage. Add check to avoid it.
>
> Reported-by: Li Qiang <liqiang6-s at 360.cn>
> Signed-off-by: P J P <pjp at fedoraproject.org>
> ---
> src/vrend_decode.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/vrend_decode.c b/src/vrend_decode.c index 96b60f4..b4fa4f2
> 100644
> --- a/src/vrend_decode.c
> +++ b/src/vrend_decode.c
> @@ -1040,7 +1040,7 @@ void
> vrend_renderer_context_create_internal(uint32_t handle, uint32_t nlen, {
> struct vrend_decode_ctx *dctx;
>
> - if (handle >= VREND_MAX_CTX)
> + if (dec_ctx[handle] || handle >= VREND_MAX_CTX)
> return;
>
> dctx = malloc(sizeof(struct vrend_decode_ctx));
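Review bot: In the added condition, `dec_ctx[handle]` is evaluated before `handle >= VREND_MAX_CTX`, so a guest-supplied handle at or above the limit indexes `dec_ctx` before the bounds check can reject it (assuming the array has VREND_MAX_CTX entries, as the existing check implies). Put the bounds test first so that short-circuit evaluation protects the array access: `if (handle >= VREND_MAX_CTX || dec_ctx[handle])`. Separately, the function is void and simply returns on a duplicate handle, so the caller cannot distinguish a rejected create from a successful one; a comment or log line at this return would make that behaviour explicit.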
> --
> 2.9.3