decode: check set_uniform_buffer arguments

Fix found thanks to american fuzzy lop. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2016-01-20 14:14:46 +0100
committer: Dave Airlie <airlied@redhat.com> 2016-02-10 12:39:47 +1000
commit: 78f8994a63b4bfa68eeb5f7e9b9c6ec920ffc2e1 (patch)
tree: 2643379f25c1fc2e3f9da2c6290433fb7d9807ec
parent: 3c0a03de895df2e13618a43becfd6467e3358962 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index 19df683..7bcd50a 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -237,6 +237,13 @@ static int vrend_decode_set_uniform_buffer(struct vrend_decode_ctx *ctx, int len
 
    if (length != VIRGL_SET_UNIFORM_BUFFER_SIZE)
       return EINVAL;
+
+   if (shader >= PIPE_SHADER_TYPES)
+      return EINVAL;
+
+   if (index >= PIPE_MAX_CONSTANT_BUFFERS)
+      return EINVAL;
+
    vrend_set_uniform_buffer(ctx->grctx, shader, index, offset, blength, handle);
    return 0;
 }
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2016-01-20 14:14:46 +0100
committer	Dave Airlie <airlied@redhat.com>	2016-02-10 12:39:47 +1000
commit	78f8994a63b4bfa68eeb5f7e9b9c6ec920ffc2e1 (patch)
tree	2643379f25c1fc2e3f9da2c6290433fb7d9807ec
parent	3c0a03de895df2e13618a43becfd6467e3358962 (diff)