vtest: be reasonable about cmd length

Avoid overflow, found thanks to AddressSanitizer & american fuzzy lop. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2016-02-03 21:09:32 +0100
committer: Dave Airlie <airlied@redhat.com> 2016-02-10 12:39:48 +1000
commit: 7febc0023bf65dcb2ef5e2da006c88d0d2f689d7 (patch)
tree: 41935b1f2497000bbd612267784d2dfe4e50d392
parent: 02e81fec0ee37a02c5f452589a1e93818339eedf (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/vtest/vtest_renderer.c b/vtest/vtest_renderer.c
index 58d10d9..045193c 100644
--- a/vtest/vtest_renderer.c
+++ b/vtest/vtest_renderer.c
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
+#include <limits.h>
 
 #include "virglrenderer.h"
 
@@ -228,6 +229,9 @@ int vtest_submit_cmd(uint32_t length_dw)
     uint32_t *cbuf;
     int ret;
 
+    if (length_dw > UINT_MAX / 4)
+       return -1;
+
     cbuf = malloc(length_dw * 4);
     if (!cbuf)
 	return -1;
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2016-02-03 21:09:32 +0100
committer	Dave Airlie <airlied@redhat.com>	2016-02-10 12:39:48 +1000
commit	7febc0023bf65dcb2ef5e2da006c88d0d2f689d7 (patch)
tree	41935b1f2497000bbd612267784d2dfe4e50d392
parent	02e81fec0ee37a02c5f452589a1e93818339eedf (diff)