diff options
author | Emil Velikov <[email protected]> | 2015-11-26 00:36:16 +0000 |
---|---|---|
committer | Emil Velikov <[email protected]> | 2015-12-03 19:21:08 +0000 |
commit | 622186fbdf47e4c77aadba3e38567636ecbcccf5 (patch) | |
tree | cbd108b675bea1248acec4aff9e4f20035631075 | |
parent | 66fea8bd9662c8fc62d87cafce89adc27e3172a2 (diff) |
mesa: errors: validate the length of null terminated string
We're about to rework the meaning of gl_debug_message::length to only
store the user provided data. Thus we should add an explicit validation
for null terminated strings.
Signed-off-by: Emil Velikov <[email protected]>
Reviewed-by: Timothy Arceri <[email protected]>
-rw-r--r-- | src/mesa/main/errors.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/mesa/main/errors.c b/src/mesa/main/errors.c index 9fa2c497a2e..a6294e3d2b3 100644 --- a/src/mesa/main/errors.c +++ b/src/mesa/main/errors.c @@ -960,8 +960,22 @@ error: static GLboolean -validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length) +validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length, + const GLchar *buf) { + + if (length < 0) { + GLsizei len = strlen(buf); + + if (len >= MAX_DEBUG_MESSAGE_LENGTH) { + _mesa_error(ctx, GL_INVALID_VALUE, + "%s(null terminated string length=%d, is not less than " + "GL_MAX_DEBUG_MESSAGE_LENGTH=%d)", callerstr, len, + MAX_DEBUG_MESSAGE_LENGTH); + return GL_FALSE; + } + } + if (length >= MAX_DEBUG_MESSAGE_LENGTH) { _mesa_error(ctx, GL_INVALID_VALUE, "%s(length=%d, which is not less than " @@ -992,7 +1006,7 @@ _mesa_DebugMessageInsert(GLenum source, GLenum type, GLuint id, if (length < 0) length = strlen(buf); - if (!validate_length(ctx, callerstr, length)) + if (!validate_length(ctx, callerstr, length, buf)) return; /* GL_INVALID_VALUE */ log_msg(ctx, gl_enum_to_debug_source(source), @@ -1161,7 +1175,7 @@ _mesa_PushDebugGroup(GLenum source, GLuint id, GLsizei length, if (length < 0) length = strlen(message); - if (!validate_length(ctx, callerstr, length)) + if (!validate_length(ctx, callerstr, length, message)) return; /* GL_INVALID_VALUE */ debug = _mesa_lock_debug_state(ctx); |