VirtualBox

Timestamp:
Mar 22, 2018 6:48:08 PM (7 years ago)
Author:
vboxsync
Message:

HostServices/SharedOpenGL: Check number of lines in shaders code, part 2.

Location:
trunk/src/VBox/HostServices/SharedOpenGL
Files:
4 edited

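--- a/trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_boundsinfo.c
+++ b/trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_boundsinfo.c
@@ -297,5 +297,5 @@
                                                 crServerSetOutputBounds( mural, mural->curExtent );
                                         }
-                                        crUnpack( data_ptr, data_ptr-1, num_opcodes, &(cr_server.dispatch) );
+                    crUnpack( data_ptr, NULL, data_ptr-1, num_opcodes, &(cr_server.dispatch) );
                                 }
                         }
@@ -320,5 +320,5 @@
                                         crServerSetOutputBounds( mural, i );
                                 }
-                                crUnpack( data_ptr, data_ptr-1, num_opcodes, &(cr_server.dispatch) );
+                crUnpack( data_ptr, NULL, data_ptr-1, num_opcodes, &(cr_server.dispatch) );
                         }
                 }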
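Review bot: Both crUnpack calls in this file (new lines 299 and 322) pass `NULL` as the new `data_end` argument, so commands unpacked on the bounds-info path have no real end-of-buffer pointer. How the range checks behave with a NULL end is not visible on this page; if they compare offsets against the stored end pointer, they will either reject every shader source on this path or enforce nothing. If the caller knows the payload length (not visible in these hunks), pass the true end. Otherwise state the gap at the call, e.g. `/* data_end unknown here: unpacker bounds checks are not enforced on this path */`. The enclosing function starts and ends outside both hunks.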
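--- a/trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_stream.c
+++ b/trunk/src/VBox/HostServices/SharedOpenGL/crserverlib/server_stream.c
@@ -559,5 +559,5 @@
         const CRMessageOpcodes *msg_opcodes;
         int opcodeBytes;
-        const char *data_ptr;
+        const char *data_ptr, *data_ptr_end;
 
         RTListNodeRemove(&pIter->Node);
@@ -569,6 +569,8 @@
 
         data_ptr = (const char *) msg_opcodes + sizeof (CRMessageOpcodes) + opcodeBytes;
+        data_ptr_end = (const char *)msg_opcodes + pIter->cbMsg;
 
         crUnpack(data_ptr,                 /* first command's operands */
+                 data_ptr_end,             /* first byte after command's operands*/
                  data_ptr - 1,             /* first command's opcode */
                  msg_opcodes->numOpcodes,  /* how many opcodes */
@@ -590,5 +592,5 @@
     const CRMessageOpcodes *msg_opcodes;
     int opcodeBytes;
-    const char *data_ptr;
+    const char *data_ptr, *data_ptr_end;
 #ifdef VBOX_WITH_CRHGSMI
     PCRVBOXHGSMI_CMDDATA pCmdData = NULL;
@@ -616,4 +618,5 @@
 
     data_ptr = (const char *) msg_opcodes + sizeof(CRMessageOpcodes) + opcodeBytes;
+    data_ptr_end = (const char *)msg_opcodes + cbMsg; // Pointer to the first byte after message data
 
     enmType = crUnpackGetBufferType(data_ptr - 1,             /* first command's opcode */
@@ -677,4 +680,5 @@
     {
         crUnpack(data_ptr,                 /* first command's operands */
+                 data_ptr_end,             /* first byte after command's operands*/
                  data_ptr - 1,             /* first command's opcode */
                  msg_opcodes->numOpcodes,  /* how many opcodes */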
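Review bot: Neither site checks that `data_ptr` is not already past `data_ptr_end` before calling crUnpack. The start is computed from `sizeof(CRMessageOpcodes) + opcodeBytes`, while the end is derived independently from `pIter->cbMsg` (new line 571) or `cbMsg` (new line 620). Unless the message length is validated against the header plus opcode bytes outside the visible lines, a guard such as `if (data_ptr > data_ptr_end)` that rejects the message belongs before each call. The argument comment `/* first byte after command's operands*/` also understates what is passed, and `/* first byte after the message data */` would match the comment on new line 620. Both crUnpack calls and their enclosing functions continue outside the hunks.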
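--- a/trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py
+++ b/trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py
@@ -26,4 +26,5 @@
 
 DECLEXPORT(const unsigned char *) cr_unpackData = NULL;
+DECLEXPORT(const unsigned char *) cr_unpackDataEnd = NULL;
 SPUDispatchTable cr_unpackDispatch;
 
@@ -240,5 +241,5 @@
 }
 
-void crUnpack( const void *data, const void *opcodes,
+void crUnpack( const void *data, const void *data_end, const void *opcodes,
         unsigned int num_opcodes, SPUDispatchTable *table )
 {
@@ -253,4 +254,5 @@
     unpack_opcodes = (const unsigned char *)opcodes;
     cr_unpackData = (const unsigned char *)data;
+    cr_unpackDataEnd = (const unsigned char *)data;
 
 #if defined(CR_UNPACK_DEBUG_OPCODES) || defined(CR_UNPACK_DEBUG_LAST_OPCODES)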
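Review bot: The line added at new line 256 assigns `cr_unpackDataEnd` from `data`, not from the new `data_end` parameter, and `data_end` is not used anywhere in the visible part of the emitted crUnpack. The stored end pointer therefore equals the start of the operand data, so any check against it cannot reflect the real extent of the buffer. The assignment should presumably read `cr_unpackDataEnd = (const unsigned char *)data_end;`. The body of crUnpack continues outside the hunk.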
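--- a/trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack_shaders.c
+++ b/trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack_shaders.c
@@ -41,13 +41,7 @@
     char **ppStrings = NULL;
     GLsizei i, j, jUpTo;
-    int pos=20+count*sizeof(*pLocalLength);
-
-    if (hasNonLocalLen>0)
-    {
-        length = DATA_POINTER(pos, GLint);
-        pos += count*sizeof(*length);
-    }
-
-    if (count >= UINT32_MAX / sizeof(char*))
+    int pos, pos_check;
+
+    if (count >= UINT32_MAX / sizeof(char *) / 4)
     {
         crError("crUnpackExtendShaderSource: count %u is out of range", count);
@@ -55,8 +49,35 @@
     }
 
-    ppStrings = crAlloc(count*sizeof(char*));
+    pos = 20 + count * sizeof(*pLocalLength);
+
+    if (hasNonLocalLen > 0)
+    {
+        length = DATA_POINTER(pos, GLint);
+        pos += count * sizeof(*length);
+    }
+
+    pos_check = pos;
+
+    if (!DATA_POINTER_CHECK(pos_check))
+    {
+        crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
+        return;
+    }
+
+    for (i = 0; i < count; ++i)
+    {
+        if (pLocalLength[i] <= 0 || pos_check >= INT32_MAX - pLocalLength[i] || !DATA_POINTER_CHECK(pos_check))
+        {
+            crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
+            return;
+        }
+
+        pos_check += pLocalLength[i];
+    }
+
+    ppStrings = crAlloc(count * sizeof(char*));
     if (!ppStrings) return;
 
-    for (i=0; i<count; ++i)
+    for (i = 0; i < count; ++i)
     {
         ppStrings[i] = DATA_POINTER(pos, char);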
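Review bot: The validation loop at new lines 67-76 tests `pos_check` before adding `pLocalLength[i]`, so the offset reached after the last string is never checked. Each string's start is validated, but the end of the final string is not. Assuming `DATA_POINTER_CHECK(off)` tests an offset against the end of the received data (its definition is not on this page), either repeat `if (!DATA_POINTER_CHECK(pos_check)) { crError(...); return; }` after the loop or add the length before the check inside it. The same error text is used when `pLocalLength[i] <= 0`, which reports a position problem for what is a bad length; a separate message would make rejected input easier to diagnose. The function starts and ends outside the visible hunks.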