[virglrenderer-devel] [PATCH] renderer: check for shader_text validity
Po-Hsien Wang
pwang at chromium.org
Wed Aug 8 18:08:00 UTC 2018
Add check for nonterminated string passed into the create_shader
code.
v3. Move some check to vrend_decode_create_shader
TEST=compile and running with specific testcases.
---
src/vrend_decode.c | 2 ++
src/vrend_renderer.c | 2 ++
2 files changed, 4 insertions(+)
diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index 06dad24..c75d732 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -115,6 +115,8 @@ static int vrend_decode_create_shader(struct vrend_decode_ctx *ctx,
memset(&so_info, 0, sizeof(so_info));
shd_text = get_buf_ptr(ctx, shader_offset);
+ if (length < shader_offset)
+ return EINVAL;
ret = vrend_create_shader(ctx->grctx, handle, &so_info, req_local_mem, (const char *)shd_text, offlen, num_tokens, type, length - shader_offset + 1);
return ret;
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index 7c70b50..c969466 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -2931,6 +2931,8 @@ int vrend_create_shader(struct vrend_context *ctx,
if (type > PIPE_SHADER_COMPUTE)
return EINVAL;
+ if (pkt_length == 0 || shd_text[pkt_length - 1] != '\0')
+ return EINVAL;
if (!has_feature(feat_geometry_shader) &&
type == PIPE_SHADER_GEOMETRY)
--
2.18.0.597.ga71716f1ad-goog
More information about the virglrenderer-devel
mailing list