renderer: validate num_so_outputs

Avoid out-of-bound acces of array so_info.output. Fix found thanks to american fuzzy lop. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2016-01-19 00:52:32 +0100
committer: Dave Airlie <airlied@redhat.com> 2016-02-10 12:00:47 +1000
commit: 9033b26976dbca8d67a6ec5538711d02730cc2f1 (patch)
tree: 7bbbc7f3db2f7584eb597c4c7873eb2180cfd11b
parent: 3767dbf18c93b1c97ad428f724d4df809a54e75c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/vrend_decode.c b/src/vrend_decode.c
index b3c7dea..d946734 100644
--- a/src/vrend_decode.c
+++ b/src/vrend_decode.c
@@ -80,6 +80,9 @@ static int vrend_decode_create_shader(struct vrend_decode_ctx *ctx,
    offlen = get_buf_entry(ctx, VIRGL_OBJ_SHADER_OFFSET);
    num_so_outputs = get_buf_entry(ctx, VIRGL_OBJ_SHADER_SO_NUM_OUTPUTS);
 
+   if (num_so_outputs > PIPE_MAX_SO_OUTPUTS)
+      return EINVAL;
+
    shader_offset = 6;
    if (num_so_outputs) {
       so_info.num_outputs = num_so_outputs;
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2016-01-19 00:52:32 +0100
committer	Dave Airlie <airlied@redhat.com>	2016-02-10 12:00:47 +1000
commit	9033b26976dbca8d67a6ec5538711d02730cc2f1 (patch)
tree	7bbbc7f3db2f7584eb597c4c7873eb2180cfd11b
parent	3767dbf18c93b1c97ad428f724d4df809a54e75c (diff)