renderer: check shader continuation fits

Fix found thanks to american fuzzy lop. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
author: Marc-André Lureau <marcandre.lureau@redhat.com> 2016-01-21 14:28:32 +0100
committer: Dave Airlie <airlied@redhat.com> 2016-02-10 12:39:47 +1000
commit: e215bde74e4ddbffe73fd81327b4df577acc4e4d (patch)
tree: 237cc1bac821e194114a306d7ed193677c006480
parent: bfa6cd741d2d1bf272c2ae1c201e6377041c9ac2 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index 2e380a9..05a2ed7 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -2180,6 +2180,13 @@ int vrend_create_shader(struct vrend_context *ctx,
          vrend_renderer_object_destroy(ctx, handle);
          return EINVAL;
       }
+      if ((pkt_length * 4 + sel->buf_offset) > sel->buf_len) {
+         fprintf(stderr, "Got too large shader continuation %d vs %d\n",
+                 pkt_length * 4 + sel->buf_offset, sel->buf_len);
+         vrend_renderer_object_destroy(ctx, handle);
+         return EINVAL;
+      }
+
       memcpy(sel->tmp_buf + sel->buf_offset, shd_text, pkt_length * 4);
 
       sel->buf_offset += pkt_length * 4;
author	Marc-André Lureau <marcandre.lureau@redhat.com>	2016-01-21 14:28:32 +0100
committer	Dave Airlie <airlied@redhat.com>	2016-02-10 12:39:47 +1000
commit	e215bde74e4ddbffe73fd81327b4df577acc4e4d (patch)
tree	237cc1bac821e194114a306d7ed193677c006480
parent	bfa6cd741d2d1bf272c2ae1c201e6377041c9ac2 (diff)