VirtualBox

Changeset 87110 in vbox for trunk/src/VBox/Devices/Graphics


Ignore:
Timestamp:
Dec 21, 2020 1:29:10 PM (4 years ago)
Author:
vboxsync
svn:sync-xref-src-repo-rev:
141976
Message:

3D/VMSVGA: Ignore a surface in case of inconsistent parameters, bugref:9880

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/Devices/Graphics/DevVGA-SVGA3d.cpp

    r86905 r87110  
    9292
    9393    RT_ZERO(*pSurface);
    94     pSurface->id                    = sid;
     94    pSurface->id = SVGA3D_INVALID_ID; /* Keep this value until the surface init completes */
    9595#ifdef VMSVGA3D_OPENGL
    9696    pSurface->idWeakContextAssociation = SVGA3D_INVALID_ID;
     
    204204    uint32_t cbMemRemaining = SVGA3D_MAX_SURFACE_MEM_SIZE; /* Do not allow more than this for a surface. */
    205205    SVGA3dSize mipmapSize = *pMipLevel0Size;
     206    int rc = VINF_SUCCESS;
     207
    206208    for (uint32_t i = 0; i < numMipLevels; ++i)
    207209    {
     
    230232            }
    231233
    232             AssertReturn(cBlocksX > 0 && cBlocksY > 0 && mipmapSize.depth > 0, VERR_INVALID_PARAMETER);
     234            AssertBreakStmt(cBlocksX > 0 && cBlocksY > 0 && mipmapSize.depth > 0, rc = VERR_INVALID_PARAMETER);
    233235
    234236            const uint32_t cMaxBlocksX = cbMemRemaining / pSurface->cbBlock;
    235             if (cBlocksX > cMaxBlocksX)
    236                 return VERR_INVALID_PARAMETER;
     237            AssertBreakStmt(cBlocksX < cMaxBlocksX, rc = VERR_INVALID_PARAMETER);
     238
    237239            const uint32_t cbSurfacePitch = pSurface->cbBlock * cBlocksX;
    238240            LogFunc(("cbSurfacePitch=0x%x\n", cbSurfacePitch));
    239241
    240242            const uint32_t cMaxBlocksY = cbMemRemaining / cbSurfacePitch;
    241             if (cBlocksY > cMaxBlocksY)
    242                 return VERR_INVALID_PARAMETER;
     243            AssertBreakStmt(cBlocksY < cMaxBlocksY, rc = VERR_INVALID_PARAMETER);
     244
    243245            const uint32_t cbSurfacePlane = cbSurfacePitch * cBlocksY;
    244246
    245247            const uint32_t cMaxDepth = cbMemRemaining / cbSurfacePlane;
    246             if (mipmapSize.depth > cMaxDepth)
    247                 return VERR_INVALID_PARAMETER;
     248            AssertBreakStmt(mipmapSize.depth < cMaxDepth, rc = VERR_INVALID_PARAMETER);
     249
    248250            const uint32_t cbSurface = cbSurfacePlane * mipmapSize.depth;
    249251
     
    261263        }
    262264
     265        AssertRCBreak(rc);
     266
    263267        mipmapSize.width >>= 1;
    264268        if (mipmapSize.width == 0) mipmapSize.width = 1;
     
    268272        if (mipmapSize.depth == 0) mipmapSize.depth = 1;
    269273    }
     274
     275    AssertLogRelRCReturnStmt(rc, RTMemFree(pSurface->paMipmapLevels), rc);
    270276
    271277#ifdef VMSVGA3D_DIRECT3D
     
    315321        AssertReturn(pMipmapLevel->pSurfaceData, VERR_NO_MEMORY);
    316322    }
     323
     324    pSurface->id = sid;
    317325    return VINF_SUCCESS;
    318326}
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette