Changeset 37432 in vbox

Timestamp:

Jun 14, 2011 10:38:19 AM (14 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

72235

Message:

crOpenGL: strict offset check (#5720)

File:

trunk/src/VBox/HostServices/SharedOpenGL/crserver/crservice.cpp

-              r36846
+              r37432
             if (pBuffer->uiId == iBuffer)
+            {
+                if (pBuffer->uiSize!=cbBufferSize)
+                {
+                    LogRel(("SHARED_CROPENGL svcGetBuffer: invalid buffer(%i) size %i instead of %i\n",
+                            iBuffer, pBuffer->uiSize, cbBufferSize));
+                    return NULL;
+                }
                 return pBuffer;
+            }
 …
                 /* Execute the function. */
                 CRVBOXSVCBUFFER_t *pSvcBuffer = svcGetBuffer(iBuffer, cbBufferSize);
                 if (!pSvcBuffer || ui32Offset+cbBuffer>cbBufferSize)
+                if (!pSvcBuffer || ((uint64_t)ui32Offset+cbBuffer)>cbBufferSize)
+                {
                     rc = VERR_INVALID_PARAMETER;

Note: See TracChangeset for help on using the changeset viewer.