vrend: Check size of query result buffer and report if it is too small

Closes: https://gitlab.freedesktop.org/virgl/virglrenderer/-/issues/454 Signed-off-by: Gert Wollny <gert.wollny@collabora.com> Part-of: <https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/1224>
author: Gert Wollny <gert.wollny@collabora.com> 2023-09-08 13:26:07 +0200
committer: Marge Bot <emma+marge@anholt.net> 2023-09-11 13:25:10 +0000
commit: 785ef1e6c10c99501289763a227c70f04e5e1f24 (patch)
tree: 4e592904b39239555fb1c92056c06ce1ec7b961c
parent: cc6c432eda5dea8e15a8646b3310b4c78cfd9fc7 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index 1fe217a..0f3af86 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -11017,10 +11017,14 @@ static bool vrend_check_query(struct vrend_query *query)
    state.query_state = VIRGL_QUERY_STATE_DONE;
 
    if (query->res->iov) {
-      vrend_write_to_iovec(query->res->iov, query->res->num_iovs, 0,
-            (const void *) &state, sizeof(state));
+      if (vrend_write_to_iovec(query->res->iov, query->res->num_iovs, 0,
+                               (const void *) &state, sizeof(state)) != sizeof(state))
+         virgl_error("Query state does not fit IOV size\n");
    } else {
-      *((struct virgl_host_query_state *) query->res->ptr) = state;
+      if (query->res->base.width0 >= sizeof(state) )
+         *((struct virgl_host_query_state *) query->res->ptr) = state;
+      else
+         virgl_error("Query state does not fit buffer size\n");
    }
 
    return true;
author	Gert Wollny <gert.wollny@collabora.com>	2023-09-08 13:26:07 +0200
committer	Marge Bot <emma+marge@anholt.net>	2023-09-11 13:25:10 +0000
commit	785ef1e6c10c99501289763a227c70f04e5e1f24 (patch)
tree	4e592904b39239555fb1c92056c06ce1ec7b961c
parent	cc6c432eda5dea8e15a8646b3310b4c78cfd9fc7 (diff)