author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2016-01-19 17:45:46 +0100 |
---|---|---|
committer | Dave Airlie <airlied@redhat.com> | 2016-02-10 12:32:58 +1000 |
commit | 18e4808c1d4de0709c6643486a83935703e3fac0 (patch) | |
tree | 7fb6157cbf457d8e4600fe0b4f0e42a57b95abe2 | |
parent | 775f5ed62a4eb3ceb4960a0cd4292a14883f86d4 (diff) |
renderer: avoid out of bound sampler array access
Fix found thanks to american fuzzy lop.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-rw-r--r-- | src/vrend_renderer.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index fcd79c5..c8e5b60 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -3412,6 +3412,12 @@ void vrend_bind_sampler_states(struct vrend_context *ctx,
 return;
 }
+ if (num_states > PIPE_MAX_SAMPLERS ||
+ start_slot > (PIPE_MAX_SAMPLERS - num_states)) {
+ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER, num_states);
+ return;
+ }
+
 ctx->sub->num_sampler_states[shader_type] = num_states;
 for (i = 0; i < num_states; i++) {
 |
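Review bot: The new guard in vrend_bind_sampler_states depends on clause order: `PIPE_MAX_SAMPLERS - num_states` cannot wrap only because `num_states > PIPE_MAX_SAMPLERS` is rejected first, and that deserves a comment such as `/* num_states is checked first so the subtraction below cannot wrap */`. The check is complete only if `start_slot` and `num_states` are unsigned; their declarations are outside the hunk, so this should be confirmed, because a negative value would pass both comparisons. `report_context_error` is always given `num_states`, even when `start_slot` is the out-of-range value, which makes the logged error less useful when triaging a malformed command buffer. The function body starts and ends outside the hunk.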