VirtualBox

Ignore:
Timestamp:
Apr 10, 2019 8:01:12 PM (6 years ago)
Author:
vboxsync
Message:

GuestHost/OpenGL,HostServices/SharedOpenGL: Updates bugref:9407

Location:
trunk/src/VBox/HostServices/SharedOpenGL/unpacker
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack_misc.c

    r69390 r78105  
    2626    GLsizei n = READ_DATA( 8, GLsizei );
    2727    const GLuint *ids = DATA_POINTER(12, GLuint);
     28
     29    if (n <= 0 || n >= INT32_MAX / sizeof(GLint) / 4 || !DATA_POINTER_CHECK(12 + n * sizeof(GLuint)))
     30    {
     31        crError("crUnpackExtendDeleteQueriesARB: parameter 'n' is out of range");
     32        return;
     33    }
     34
    2835    cr_unpackDispatch.DeleteQueriesARB(n, ids);
    2936}
     
    8491    GLint cRects = READ_DATA( 24, GLint );
    8592    GLint *pRects = (GLint *)DATA_POINTER( 28, GLvoid );
     93
     94    if (cRects <= 0 || cRects >= INT32_MAX / sizeof(GLint) / 8 || !DATA_POINTER_CHECK(28 + 4 * cRects * sizeof(GLint)))
     95    {
     96        crError("crUnpackExtendVBoxTexPresent: parameter 'cRects' is out of range");
     97        return;
     98    }
     99
    86100    cr_unpackDispatch.VBoxTexPresent( texture, cfg, xPos, yPos, cRects, pRects );
    87101}

  • trunk/src/VBox/HostServices/SharedOpenGL/unpacker/unpack_shaders.c

    r76787 r78105  
    4343    int pos, pos_check;
    4444
    45     if (count <= 0 || count >= INT32_MAX / sizeof(char *) / 4)
     45    if (count <= 0 || count >= INT32_MAX / sizeof(GLint) / 8)
    4646    {
    4747        crError("crUnpackExtendShaderSource: count %u is out of range", count);
     
    5050
    5151    pos = 20 + count * sizeof(*pLocalLength);
     52
     53    if (!DATA_POINTER_CHECK(pos))
     54    {
     55        crError("crUnpackExtendShaderSource: pos %d is out of range", pos);
     56        return;
     57    }
    5258
    5359    if (hasNonLocalLen > 0)
     
    5763    }
    5864
     65    if (!DATA_POINTER_CHECK(pos))
     66    {
     67        crError("crUnpackExtendShaderSource: pos %d is out of range", pos);
     68        return;
     69    }
     70
    5971    pos_check = pos;
    6072
    61     if (!DATA_POINTER_CHECK(pos_check))
    62     {
    63         crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
    64         return;
    65     }
    66 
    6773    for (i = 0; i < count; ++i)
    6874    {
    69         if (pLocalLength[i] <= 0 || pos_check >= INT32_MAX - pLocalLength[i] || !DATA_POINTER_CHECK(pos_check))
     75        if (pLocalLength[i] <= 0 || pos_check >= INT32_MAX - pLocalLength[i])
    7076        {
    7177            crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
     
    7480
    7581        pos_check += pLocalLength[i];
     82
     83        if (!DATA_POINTER_CHECK(pos_check))
     84        {
     85            crError("crUnpackExtendShaderSource: pos %d is out of range", pos_check);
     86            return;
     87        }
    7688    }
    7789
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette