[virglrenderer-devel] [PATCH] vtest: add support for sending caps v2.
Robert Tarasov
tutankhamen at chromium.org
Thu Jun 21 22:12:45 UTC 2018
virgl_renderer_get_cap_set() could return 0 in max_size, malloc(0) could
return you a valid pointer (not null) which can be passed to free(), so, in
this case you could overwrite memory. Probably, you'd better to check max_size
for a minimum valid size.
On Thu, Jun 7, 2018 at 11:21 PM, Dave Airlie <airlied at gmail.com> wrote:
> From: Dave Airlie <airlied at redhat.com>
>
> I've come up with a workaround on the mesa side that should be
> backwards compatible with old vtests and vice-versa.
>
> It involves sending both caps 2 and 1 queries back to back,
> and taking the first response an indication of what to expect,
> ---
> vtest/vtest.h | 2 +-
> vtest/vtest_protocol.h | 2 ++
> vtest/vtest_renderer.c | 28 ++++++++++++++++++++++++++++
> vtest/vtest_server.c | 3 +++
> 4 files changed, 34 insertions(+), 1 deletion(-)
>
> diff --git a/vtest/vtest.h b/vtest/vtest.h
> index deb6618..327c193 100644
> --- a/vtest/vtest.h
> +++ b/vtest/vtest.h
> @@ -28,7 +28,7 @@
> int vtest_create_renderer(int in_fd, int out_fd, uint32_t length);
>
> int vtest_send_caps(void);
> -
> +int vtest_send_caps2(void);
> int vtest_create_resource(void);
> int vtest_resource_unref(void);
> int vtest_submit_cmd(uint32_t length_dw);
> diff --git a/vtest/vtest_protocol.h b/vtest/vtest_protocol.h
> index 84fd3eb..f617643 100644
> --- a/vtest/vtest_protocol.h
> +++ b/vtest/vtest_protocol.h
> @@ -48,6 +48,8 @@
>
> /* pass the process cmd line for debugging */
> #define VCMD_CREATE_RENDERER 8
> +
> +#define VCMD_GET_CAPS2 9
> /* get caps */
> /* 0 length cmd */
> /* resp VCMD_GET_CAPS + caps */
> diff --git a/vtest/vtest_renderer.c b/vtest/vtest_renderer.c
> index 3b8fe1a..e0e7d64 100644
> --- a/vtest/vtest_renderer.c
> +++ b/vtest/vtest_renderer.c
> @@ -153,6 +153,34 @@ void vtest_destroy_renderer(void)
> renderer.out_fd = -1;
> }
>
> +int vtest_send_caps2(void)
> +{
> + uint32_t hdr_buf[2];
> + void *caps_buf;
> + int ret;
> + uint32_t max_ver, max_size;
> +
> + virgl_renderer_get_cap_set(2, &max_ver, &max_size);
> +
> + caps_buf = malloc(max_size);
> + if (!caps_buf)
> + return -1;
> +
> + virgl_renderer_fill_caps(2, 1, caps_buf);
> +
> + hdr_buf[0] = max_size + 1;
> + hdr_buf[1] = 2;
> + ret = vtest_block_write(renderer.out_fd, hdr_buf, 8);
> + if (ret < 0)
> + goto end;
> + vtest_block_write(renderer.out_fd, caps_buf, max_size);
> + if (ret < 0)
> + goto end;
> + end:
> + free(caps_buf);
> + return 0;
> +}
> +
> int vtest_send_caps(void)
> {
> uint32_t max_ver, max_size;
> diff --git a/vtest/vtest_server.c b/vtest/vtest_server.c
> index 918639b..3868fe3 100644
> --- a/vtest/vtest_server.c
> +++ b/vtest/vtest_server.c
> @@ -129,6 +129,9 @@ again:
> vtest_renderer_create_fence();
> ret = vtest_resource_busy_wait();
> break;
> + case VCMD_GET_CAPS2:
> + ret = vtest_send_caps2();
> + break;
> default:
> break;
> }
> --
> 2.14.3
>
> _______________________________________________
> virglrenderer-devel mailing list
> virglrenderer-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/virglrenderer-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/virglrenderer-devel/attachments/20180621/b6c7219e/attachment.html>
More information about the virglrenderer-devel
mailing list