diff options
author | Marc-André Lureau <marcandre.lureau@redhat.com> | 2016-01-21 14:28:32 +0100 |
---|---|---|
committer | Dave Airlie <airlied@redhat.com> | 2016-02-10 12:39:47 +1000 |
commit | e215bde74e4ddbffe73fd81327b4df577acc4e4d (patch) | |
tree | 237cc1bac821e194114a306d7ed193677c006480 | |
parent | bfa6cd741d2d1bf272c2ae1c201e6377041c9ac2 (diff) |
renderer: check shader continuation fits
Fix found thanks to american fuzzy lop.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-rw-r--r-- | src/vrend_renderer.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c index 2e380a9..05a2ed7 100644 --- a/src/vrend_renderer.c +++ b/src/vrend_renderer.c @@ -2180,6 +2180,13 @@ int vrend_create_shader(struct vrend_context *ctx, vrend_renderer_object_destroy(ctx, handle); return EINVAL; } + if ((pkt_length * 4 + sel->buf_offset) > sel->buf_len) { + fprintf(stderr, "Got too large shader continuation %d vs %d\n", + pkt_length * 4 + sel->buf_offset, sel->buf_len); + vrend_renderer_object_destroy(ctx, handle); + return EINVAL; + } + memcpy(sel->tmp_buf + sel->buf_offset, shd_text, pkt_length * 4); sel->buf_offset += pkt_length * 4; |