VirtualBox

Changeset 78788 in vbox for trunk/src


Timestamp:
May 27, 2019 7:06:10 PM (6 years ago)
Author:
vboxsync
Message:

GuestHost/OpenGL/include/cr_unpack.h: Bug fixes in the access verification macros

File:
1 edited

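--- a/trunk/src/VBox/GuestHost/OpenGL/include/cr_unpack.h
+++ b/trunk/src/VBox/GuestHost/OpenGL/include/cr_unpack.h
@@ -95,4 +95,5 @@
     { \
         (a_pState)->rcUnpack = VERR_BUFFER_OVERFLOW; \
+        AssertFailed(); \
         return; \
     } \
@@ -107,4 +108,5 @@
         { \
             (a_pState)->rcUnpack = VERR_BUFFER_OVERFLOW; \
+            AssertFailed(); \
             return; \
         } \
@@ -129,4 +131,5 @@
     {
         pState->rcUnpack = VERR_BUFFER_OVERFLOW;
+        AssertFailed();
         return ~(size_t)0;
     }
@@ -168,11 +171,13 @@
     do \
     { \
-        if (RT_UNLIKELY((a_pState)->cbUnpackDataLeft < (size_t)(delta))) \
+        size_t a_cbAdv = (delta); \
+        if (RT_UNLIKELY((a_pState)->cbUnpackDataLeft < a_cbAdv)) \
         { \
           (a_pState)->rcUnpack = VERR_BUFFER_OVERFLOW; \
+          AssertFailed(); \
           return; \
         } \
-        (a_pState)->pbUnpackData     += (delta); \
-        (a_pState)->cbUnpackDataLeft -= (delta); \
+        (a_pState)->pbUnpackData     += a_cbAdv; \
+        (a_pState)->cbUnpackDataLeft -= a_cbAdv; \
     } while(0)
 
@@ -185,5 +190,5 @@
     { \
         CRDBGPTR_CHECKZ((a_pState)->pReturnPtr); \
-        if (!DATA_POINTER_CHECK(a_pState, offset + sizeof(*(a_pState)->pReturnPtr))) \
+        if (offset + sizeof(*(a_pState)->pReturnPtr) > (a_pState)->cbUnpackDataLeft) \
         { \
              crError("%s: SET_RETURN_PTR(%u) offset out of bounds\n", __FUNCTION__, offset); \
@@ -197,7 +202,7 @@
     { \
         CRDBGPTR_CHECKZ((a_pState)->pWritebackPtr); \
-        if (!DATA_POINTER_CHECK(a_pState, offset + sizeof(*(a_pState)->pWritebackPtr))) \
-        { \
-             crError("%s: SET_RETURN_PTR(%u) offset out of bounds\n", __FUNCTION__, offset); \
+        if (offset + sizeof(*(a_pState)->pWritebackPtr) > (a_pState)->cbUnpackDataLeft) \
+        { \
+             crError("%s: SET_WRITEBACK_PTR(%u) offset out of bounds\n", __FUNCTION__, offset); \
              return; \
         } \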
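Review bot: The new bound in the SET_RETURN_PTR check, `offset + sizeof(*(a_pState)->pReturnPtr) > (a_pState)->cbUnpackDataLeft`, can wrap around: if `offset` is a signed value that is negative, or a value close to the maximum of `size_t`, the sum becomes small again and the check passes for an offset outside the remaining buffer. The SET_WRITEBACK_PTR check uses the same expression. The type of `offset` is not visible in these hunks, so this depends on the callers, but the `%u` in the error message suggests an integer taken from the command stream, and the comparison should be written so that it cannot overflow. For example `if ((a_pState)->cbUnpackDataLeft < sizeof(*(a_pState)->pReturnPtr) || (size_t)(offset) > (a_pState)->cbUnpackDataLeft - sizeof(*(a_pState)->pReturnPtr)) \`, which also parenthesizes the macro argument. Both macro bodies start and end outside the shown lines, so how `offset` is used after the check could not be confirmed.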