glapi/glx: Add overflow checks to the client-side indirect code
authorAdam Jackson <ajax@redhat.com>
Tue, 24 May 2016 19:45:11 +0000 (15:45 -0400)
committerAdam Jackson <ajax@redhat.com>
Wed, 8 Jun 2016 18:39:46 +0000 (14:39 -0400)
commita1c5cd426c0381124f7c320d5a7b760a9a36af75
treea043f8fea0957398880915ea732336b10232746d
parent26b69ad250ee23e70831626a88f70f6ddf2e1bcc
glapi/glx: Add overflow checks to the client-side indirect code

Coverity complains that the computed sizes can lead to negative lengths
passed to memcpy. If that happens we've been handed invalid arguments
anyway, so just bomb out.

The funky "0%s" is because the size string for the variable-length part
of the request is of the form "+ safe_pad() ...", and a unary + would
coerce the result to always be positive, defeating the overflow check.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
src/mapi/glapi/gen/glX_proto_send.py