[virglrenderer-devel] [PATCH] renderer: check for shader_text validity

Po-Hsien Wang pwang at chromium.org
Thu Aug 9 18:39:26 UTC 2018


Thanks Gert and I'm really sorry for my mistake.

On Thu, Aug 9, 2018 at 1:21 AM Gert Wollny <gert.wollny at collabora.com>
wrote:

> Hello,
>
> Po-Hsien Wang asked me privately to comment on the previous version of
> the patch that still checked pkt_length <= 0 (which I pointed out that
> it is unsigned), but I didn't realize that (a) the pkg_length refers to
> dwords, and (b) AFAICS only the final chunk will be null-terminated
> when long shaders are sent in chunks. As it stands now all shaders will
> be rejected by this test, and hence the patch should be reverted.
>
> I'll have to look at this a little bit more, but for now I think that
> the better solution would be to simply force a null-termination of the
> string before passing it into tgsi_text_translate.
>
> Best,
> Gert
>
> On Wednesday, 08.08.2018, at 11:08 -0700, Po-Hsien Wang wrote:
> > Add check for nonterminated string passed into the create_shader
> > code.
> >
> > v3. Move some check to vrend_decode_create_shader
> > TEST=compile and running with specific testcases.
> > ---
> >  src/vrend_decode.c   | 2 ++
> >  src/vrend_renderer.c | 2 ++
> >  2 files changed, 4 insertions(+)
> >
> > diff --git a/src/vrend_decode.c b/src/vrend_decode.c
> > index 06dad24..c75d732 100644
> > --- a/src/vrend_decode.c
> > +++ b/src/vrend_decode.c
> > @@ -115,6 +115,8 @@ static int vrend_decode_create_shader(struct
> > vrend_decode_ctx *ctx,
> >       memset(&so_info, 0, sizeof(so_info));
> >
> >     shd_text = get_buf_ptr(ctx, shader_offset);
> > +   if (length < shader_offset)
> > +      return EINVAL;
> >     ret = vrend_create_shader(ctx->grctx, handle, &so_info,
> > req_local_mem, (const char *)shd_text, offlen, num_tokens, type,
> > length - shader_offset + 1);
> >
> >     return ret;
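Review bot: the new `if (length < shader_offset)` check sits after `shd_text = get_buf_ptr(ctx, shader_offset);`, so the pointer is already derived from the offset before the offset is validated; move the check above the `get_buf_ptr` call. The check also lets `length == shader_offset` through, which makes the last argument `length - shader_offset + 1` equal to 1, so a short comment stating the unit of that value and the smallest valid packet would help whoever reads the callee.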
> > diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
> > index 7c70b50..c969466 100644
> > --- a/src/vrend_renderer.c
> > +++ b/src/vrend_renderer.c
> > @@ -2931,6 +2931,8 @@ int vrend_create_shader(struct vrend_context
> > *ctx,
> >
> >     if (type > PIPE_SHADER_COMPUTE)
> >        return EINVAL;
> > +   if (pkt_length == 0pkt_length == 0 || shd_text[pkt_length - 1] !=
> > '\0')
> > +      return EINVAL;
> >
> >     if (!has_feature(feat_geometry_shader) &&
> >         type == PIPE_SHADER_GEOMETRY)
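Review bot: in the added condition, `shd_text[pkt_length - 1]` uses `pkt_length` as a byte index into the shader text, but as the reply above notes the packet length counts dwords, so the byte tested is generally not the last byte of the text; and since only the final chunk of a long shader is null-terminated, a last-byte test rejects earlier chunks even with the right index. Either convert the count to bytes and apply the test only to the final chunk, or drop the test and force a terminator before the text reaches `tgsi_text_translate`, as the reply suggests.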
>
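The failure Gert describes and the forced-termination alternative he proposes, as an added example that is not part of the original thread or of virglrenderer. `last_byte_check`, `copy_terminated` and the demo helpers are hypothetical names, and the payloads are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the patch's test: count in dwords, index in bytes. */
static int last_byte_check(const uint32_t *payload, uint32_t ndwords)
{
    const char *text = (const char *)payload;
    return (ndwords == 0 || text[ndwords - 1] != '\0') ? -1 : 0;
}

/* Copy the payload and force a terminator; caller frees. NULL on error. */
static char *copy_terminated(const uint32_t *payload, uint32_t ndwords)
{
    size_t nbytes = (size_t)ndwords * sizeof(uint32_t);
    char *text;
    if (ndwords == 0 || nbytes / sizeof(uint32_t) != ndwords)
        return NULL;            /* empty packet or size wrap */
    text = malloc(nbytes + 1);
    if (!text)
        return NULL;
    memcpy(text, payload, nbytes);
    text[nbytes] = '\0';        /* parser can never run past the copy */
    return text;
}

/* Constructed input: src is placed in a zero-filled dword buffer. */
static int demo_check(const char *src, size_t len, uint32_t ndwords)
{
    uint32_t payload[4] = {0};
    memcpy(payload, src, len);
    return last_byte_check(payload, ndwords);
}

static size_t demo_copy_len(const char *src, size_t len, uint32_t ndwords)
{
    uint32_t payload[4] = {0};
    char *text;
    size_t n;
    memcpy(payload, src, len);
    text = copy_terminated(payload, ndwords);
    n = text ? strlen(text) : 0;
    free(text);
    return n;
}

int main(void)
{
    return !(demo_check("FRAG\nEND\n", 9, 3) == -1 && demo_copy_len("FRAGMENT", 8, 2) == 8);
}
```

The 9-byte text padded to 3 dwords is properly terminated yet still fails the last-byte test, because index 2 lands on a text byte; the copying variant handles it and the unterminated 2-dword chunk alike.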