Changeset 52485 in vbox for trunk/src/VBox/HostServices/SharedOpenGL

Timestamp:

Aug 24, 2014 4:49:25 PM (10 years ago)

Author:

vboxsync

Message:

server_muralfbo.cpp: crServerRedirMuralDbSyncFb can be called even if crServerSupportRedirMuralFBO() is false, this will manifest as cBuffers = 0, reject these calls as we will otherwise end up dying performing zero division and later NULL pointer (hFbEntry) access. Don't call CrFbEntryRelease on a NULL hFbEntry in crServerRedirMuralFbClear.

File:

• trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_muralfbo.cpp (modified) (2 diffs)

trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_muralfbo.cpp

@@ -120 +120 @@
             continue;
 
-        CrFbEntryRelease(pData->hFb, pData->hFbEntry);
-        pData->hFbEntry = NULL;
+        if (pData->hFbEntry != NULL)
+        {
+            CrFbEntryRelease(pData->hFb, pData->hFbEntry);
+            pData->hFbEntry = NULL;
+        }
 
         for (j = 0; j < mural->cBuffers; ++j)
@@ -191 +194 @@
     {
         pData->hFb = hFb;
+
+        /* Guard against modulo-by-zero when calling CrFbEntryCreateForTexData
+           below. Observed when failing to load atig6pxx.dll and similar. */
+        if (RT_UNLIKELY(mural->cBuffers == 0))
+        {
+            WARN(("crServerRedirMuralDbSyncFb: cBuffers == 0 (crServerSupportRedirMuralFBO=%d)", crServerSupportRedirMuralFBO()));
+            return VERR_NOT_SUPPORTED;
+        }
 
         for (uint32_t i = 0; i < mural->cBuffers; ++i)