decode: check streamout-targets num_handles

Prevent out-of-bound array access. Found thanks to AddressSanitizer & american fuzzy lop. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2016-02-04 08:44:22 +0100
committer: Dave Airlie <airlied@redhat.com> 2016-02-10 12:39:48 +1000
commit: 64c946958737eef1e3c113775483bd4073a05299 (patch)
tree: 212bdc6d26d40462b8c099c85179fc4fbdaa46cb
parent: b93e67deb0693d6af58fb01ea6c08712cee8b630 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index fad633e..36d4925 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -1025,6 +1025,9 @@ static int vrend_decode_set_streamout_targets(struct vrend_decode_ctx *ctx,
 
    if (length < 1)
       return EINVAL;
+   if (num_handles > ARRAY_SIZE(handles))
+      return EINVAL;
+
    append_bitmask = get_buf_entry(ctx, VIRGL_SET_STREAMOUT_TARGETS_APPEND_BITMASK);
    for (i = 0; i < num_handles; i++)
       handles[i] = get_buf_entry(ctx, VIRGL_SET_STREAMOUT_TARGETS_H0 + i);
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2016-02-04 08:44:22 +0100
committer	Dave Airlie <airlied@redhat.com>	2016-02-10 12:39:48 +1000
commit	64c946958737eef1e3c113775483bd4073a05299 (patch)
tree	212bdc6d26d40462b8c099c85179fc4fbdaa46cb
parent	b93e67deb0693d6af58fb01ea6c08712cee8b630 (diff)