summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEmil Velikov <[email protected]>2015-11-26 00:36:16 +0000
committerEmil Velikov <[email protected]>2015-12-03 19:21:08 +0000
commit622186fbdf47e4c77aadba3e38567636ecbcccf5 (patch)
treecbd108b675bea1248acec4aff9e4f20035631075
parent66fea8bd9662c8fc62d87cafce89adc27e3172a2 (diff)
mesa: errors: validate the length of null terminated string
We're about to rework the meaning of gl_debug_message::length to only store the user provided data. Thus we should add an explicit validation for null terminated strings. Signed-off-by: Emil Velikov <[email protected]> Reviewed-by: Timothy Arceri <[email protected]>
-rw-r--r--src/mesa/main/errors.c20
1 files changed, 17 insertions, 3 deletions
diff --git a/src/mesa/main/errors.c b/src/mesa/main/errors.c
index 9fa2c497a2e..a6294e3d2b3 100644
--- a/src/mesa/main/errors.c
+++ b/src/mesa/main/errors.c
@@ -960,8 +960,22 @@ error:
static GLboolean
-validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length)
+validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length,
+ const GLchar *buf)
{
+
+ if (length < 0) {
+ GLsizei len = strlen(buf);
+
+ if (len >= MAX_DEBUG_MESSAGE_LENGTH) {
+ _mesa_error(ctx, GL_INVALID_VALUE,
+ "%s(null terminated string length=%d, is not less than "
+ "GL_MAX_DEBUG_MESSAGE_LENGTH=%d)", callerstr, len,
+ MAX_DEBUG_MESSAGE_LENGTH);
+ return GL_FALSE;
+ }
+ }
+
if (length >= MAX_DEBUG_MESSAGE_LENGTH) {
_mesa_error(ctx, GL_INVALID_VALUE,
"%s(length=%d, which is not less than "
@@ -992,7 +1006,7 @@ _mesa_DebugMessageInsert(GLenum source, GLenum type, GLuint id,
if (length < 0)
length = strlen(buf);
- if (!validate_length(ctx, callerstr, length))
+ if (!validate_length(ctx, callerstr, length, buf))
return; /* GL_INVALID_VALUE */
log_msg(ctx, gl_enum_to_debug_source(source),
@@ -1161,7 +1175,7 @@ _mesa_PushDebugGroup(GLenum source, GLuint id, GLsizei length,
if (length < 0)
length = strlen(message);
- if (!validate_length(ctx, callerstr, length))
+ if (!validate_length(ctx, callerstr, length, message))
return; /* GL_INVALID_VALUE */
debug = _mesa_lock_debug_state(ctx);