Commit e215bde7 authored by Marc-André Lureau's avatar Marc-André Lureau Committed by Dave Airlie

renderer: check shader continuation fits

Fix found thanks to american fuzzy lop.
Signed-off-by: default avatarMarc-André Lureau <marcandre.lureau@redhat.com>
parent bfa6cd74
......@@ -2180,6 +2180,13 @@ int vrend_create_shader(struct vrend_context *ctx,
vrend_renderer_object_destroy(ctx, handle);
return EINVAL;
}
if ((pkt_length * 4 + sel->buf_offset) > sel->buf_len) {
fprintf(stderr, "Got too large shader continuation %d vs %d\n",
pkt_length * 4 + sel->buf_offset, sel->buf_len);
vrend_renderer_object_destroy(ctx, handle);
return EINVAL;
}
memcpy(sel->tmp_buf + sel->buf_offset, shd_text, pkt_length * 4);
sel->buf_offset += pkt_length * 4;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment