VirtualBox

Ignore:
Timestamp:
Mar 22, 2018 6:48:08 PM (7 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
121437
Message:

HostServices/SharedOpenGL: Check number of lines in shaders code, part 2.

Location:
trunk/src/VBox/HostServices/SharedOpenGL/unpacker
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack.py

    r69390 r71468  
    2626
    2727DECLEXPORT(const unsigned char *) cr_unpackData = NULL;
     28DECLEXPORT(const unsigned char *) cr_unpackDataEnd = NULL;
    2829SPUDispatchTable cr_unpackDispatch;
    2930
     
    240241}
    241242
    242 void crUnpack( const void *data, const void *opcodes,
     243void crUnpack( const void *data, const void *data_end, const void *opcodes,
    243244        unsigned int num_opcodes, SPUDispatchTable *table )
    244245{
     
    253254    unpack_opcodes = (const unsigned char *)opcodes;
    254255    cr_unpackData = (const unsigned char *)data;
     256    cr_unpackDataEnd = (const unsigned char *)data;
    255257
    256258#if defined(CR_UNPACK_DEBUG_OPCODES) || defined(CR_UNPACK_DEBUG_LAST_OPCODES)

  • trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack_shaders.c

    r71462 r71468  
    4141    char **ppStrings = NULL;
    4242    GLsizei i, j, jUpTo;
    43     int pos=20+count*sizeof(*pLocalLength);
    44 
    45     if (hasNonLocalLen>0)
    46     {
    47         length = DATA_POINTER(pos, GLint);
    48         pos += count*sizeof(*length);
    49     }
    50 
    51     if (count >= UINT32_MAX / sizeof(char*))
     43    int pos, pos_check;
     44
     45    if (count >= UINT32_MAX / sizeof(char *) / 4)
    5246    {
    5347        crError("crUnpackExtendShaderSource: count %u is out of range", count);
     
    5549    }
    5650
    57     ppStrings = crAlloc(count*sizeof(char*));
     51    pos = 20 + count * sizeof(*pLocalLength);
     52
     53    if (hasNonLocalLen > 0)
     54    {
     55        length = DATA_POINTER(pos, GLint);
     56        pos += count * sizeof(*length);
     57    }
     58
     59    pos_check = pos;
     60
     61    if (!DATA_POINTER_CHECK(pos_check))
     62    {
     63        crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
     64        return;
     65    }
     66
     67    for (i = 0; i < count; ++i)
     68    {
     69        if (pLocalLength[i] <= 0 || pos_check >= INT32_MAX - pLocalLength[i] || !DATA_POINTER_CHECK(pos_check))
     70        {
     71            crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
     72            return;
     73        }
     74
     75        pos_check += pLocalLength[i];
     76    }
     77
     78    ppStrings = crAlloc(count * sizeof(char*));
    5879    if (!ppStrings) return;
    5980
    60     for (i=0; i<count; ++i)
     81    for (i = 0; i < count; ++i)
    6182    {
    6283        ppStrings[i] = DATA_POINTER(pos, char);
Note: See TracChangeset for help on using the changeset viewer.

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette