From 622186fbdf47e4c77aadba3e38567636ecbcccf5 Mon Sep 17 00:00:00 2001 From: Emil Velikov Date: Thu, 26 Nov 2015 00:36:16 +0000 Subject: [PATCH] mesa: errors: validate the length of null terminated string We're about to rework the meaning of gl_debug_message::length to only store the user provided data. Thus we should add an explicit validation for null terminated strings. Signed-off-by: Emil Velikov Reviewed-by: Timothy Arceri --- src/mesa/main/errors.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/mesa/main/errors.c b/src/mesa/main/errors.c index 9fa2c497a2e..a6294e3d2b3 100644 --- a/src/mesa/main/errors.c +++ b/src/mesa/main/errors.c @@ -960,8 +960,22 @@ error: static GLboolean -validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length) +validate_length(struct gl_context *ctx, const char *callerstr, GLsizei length, + const GLchar *buf) { + + if (length < 0) { + GLsizei len = strlen(buf); + + if (len >= MAX_DEBUG_MESSAGE_LENGTH) { + _mesa_error(ctx, GL_INVALID_VALUE, + "%s(null terminated string length=%d, is not less than " + "GL_MAX_DEBUG_MESSAGE_LENGTH=%d)", callerstr, len, + MAX_DEBUG_MESSAGE_LENGTH); + return GL_FALSE; + } + } + if (length >= MAX_DEBUG_MESSAGE_LENGTH) { _mesa_error(ctx, GL_INVALID_VALUE, "%s(length=%d, which is not less than " @@ -992,7 +1006,7 @@ _mesa_DebugMessageInsert(GLenum source, GLenum type, GLuint id, if (length < 0) length = strlen(buf); - if (!validate_length(ctx, callerstr, length)) + if (!validate_length(ctx, callerstr, length, buf)) return; /* GL_INVALID_VALUE */ log_msg(ctx, gl_enum_to_debug_source(source), @@ -1161,7 +1175,7 @@ _mesa_PushDebugGroup(GLenum source, GLuint id, GLsizei length, if (length < 0) length = strlen(message); - if (!validate_length(ctx, callerstr, length)) + if (!validate_length(ctx, callerstr, length, message)) return; /* GL_INVALID_VALUE */ debug = _mesa_lock_debug_state(ctx); -- 2.30.2