virgl: check buffer size to avoid unsigned wraparound (!498) · Merge requests · virgl / virglrenderer

Gert Wollny requested to merge gerddie/virglrenderer:vrend-decode-check-buf-total into master Mar 09, 2021

Make sure that the passed buffer size is not negative and that multiplying it with sizeof(uint32_t) doesn't overflow. With that we make sure that the buf_offset in the decoding loop can't wrap around when it is updated.

Edited Mar 11, 2021 by Gert Wollny

Admin message

virgl: check buffer size to avoid unsigned wraparound

Merge request reports