virglrenderer/backport-CVE-2019-18390.patch


From 24f67de7a9088a873844a39be03cee6882260ac9 Mon Sep 17 00:00:00 2001
From: Gert Wollny <gert.wollny@collabora.com>
Date: Mon, 7 Oct 2019 10:59:56 +0200
Subject: [PATCH] vrend: check info formats in blits
Closes #141
Closes #142
v2 : drop colon in error description (Emil)
Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
---
src/virgl_hw.h | 1 +
src/vrend_renderer.c | 12 +++++++++++-
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/virgl_hw.h b/src/virgl_hw.h
index 7736ceb..82b0ccc 100644
--- a/src/virgl_hw.h
+++ b/src/virgl_hw.h
@@ -379,6 +379,7 @@ enum virgl_ctx_errors {
VIRGL_ERROR_CTX_ILLEGAL_SURFACE,
VIRGL_ERROR_CTX_ILLEGAL_VERTEX_FORMAT,
VIRGL_ERROR_CTX_ILLEGAL_CMD_BUFFER,
+ VIRGL_ERROR_CTX_ILLEGAL_FORMAT,
};
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index 3769fe0..10c60ec 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -643,7 +643,7 @@ static inline const char *pipe_shader_to_prefix(int shader_type)
};
}
-static const char *vrend_ctx_error_strings[] = { "None", "Unknown", "Illegal shader", "Illegal handle", "Illegal resource", "Illegal surface", "Illegal vertex format", "Illegal command buffer" };
+static const char *vrend_ctx_error_strings[] = { "None", "Unknown", "Illegal shader", "Illegal handle", "Illegal resource", "Illegal surface", "Illegal vertex format", "Illegal command buffer", "Illegal format ID" };
static void __report_context_error(const char *fname, struct vrend_context *ctx, enum virgl_ctx_errors error, uint32_t value)
{
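Review bot: Nothing on `vrend_ctx_error_strings` ties its order and length to `enum virgl_ctx_errors` in src/virgl_hw.h, so the next error code added without a matching string would leave the two out of step. The table is presumably indexed by the error value inside `__report_context_error`, whose body lies outside this hunk, and a stale table would then be read past its end when the new code is reported. I would add a comment above the array such as `/* Indexed by enum virgl_ctx_errors (virgl_hw.h): keep one entry per enumerator, in the same order. */`. If the enum later gains a count sentinel, a `_Static_assert` on the array length would turn that rule into a build failure.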
@@ -7392,6 +7392,16 @@ void vrend_renderer_blit(struct vrend_context *ctx,
if (ctx->in_error)
return;
+ if (!info->src.format || (enum virgl_formats)info->src.format >= VIRGL_FORMAT_MAX) {
+ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->src.format);
+ return;
+ }
+
+ if (!info->dst.format || (enum virgl_formats)info->dst.format >= VIRGL_FORMAT_MAX) {
+ report_context_error(ctx, VIRGL_ERROR_CTX_ILLEGAL_FORMAT, info->dst.format);
+ return;
+ }
+
if (info->render_condition_enable == false)
vrend_pause_render_condition(ctx, true);
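Review bot: The upper-bound test in both added checks relies on `enum virgl_formats` being represented as an unsigned type, which is implementation-defined. Where the compiler uses a signed int, a format value with the top bit set becomes negative after the cast, passes `>= VIRGL_FORMAT_MAX`, and reaches the rest of the blit path unvalidated. The values in `info` presumably come from the guest command stream, so the check should not depend on that choice. Comparing in an unsigned type fixes it: `if (!info->src.format || (uint32_t)info->src.format >= VIRGL_FORMAT_MAX) {`, with the same change for `info->dst.format`. The `uint32_t` cast also matches the `value` parameter of `__report_context_error`. The body of `vrend_renderer_blit` continues outside this hunk, so whether an in-range format that the host does not support is rejected later cannot be judged from here.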
--
1.8.3.1