Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:GA
xorg-x11-server
U_glx_05_add_safe_add_mul_pad_v3.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_glx_05_add_safe_add_mul_pad_v3.patch of Package xorg-x11-server
Subject: glx: Add safe_{add,mul,pad} (v3) References: bnc#882226 Patch-Mainline: Upstream Signed-off-by: Michal Srb <msrb@suse.com> These are paranoid about integer overflow, and will return -1 if their operation would overflow a (signed) integer or if either argument is negative. Note that RenderLarge requests are sized with a uint32_t so in principle this could be sketchy there, but dix limits bigreqs to 128M so you shouldn't ever notice, and honestly if you're sending more than 2G of rendering commands you're already doing something very wrong. v2: Use INT_MAX for consistency with the rest of the server (jcristau) v3: Reject negative arguments (anholt) Signed-off-by: Adam Jackson <ajax@redhat.com> --- glx/glxserver.h | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/glx/glxserver.h b/glx/glxserver.h index a324b29..9482601 100644 --- a/glx/glxserver.h +++ b/glx/glxserver.h @@ -228,6 +228,47 @@ extern void glxSwapQueryServerStringReply(ClientPtr client, * Routines for computing the size of variably-sized rendering commands. */ +static _X_INLINE int +safe_add(int a, int b) +{ + if (a < 0 || b < 0) + return -1; + + if (INT_MAX - a < b) + return -1; + + return a + b; +} + +static _X_INLINE int +safe_mul(int a, int b) +{ + if (a < 0 || b < 0) + return -1; + + if (a == 0 || b == 0) + return 0; + + if (a > INT_MAX / b) + return -1; + + return a * b; +} + +static _X_INLINE int +safe_pad(int a) +{ + int ret; + + if (a < 0) + return -1; + + if ((ret = safe_add(a, 3)) < 0) + return -1; + + return ret & (GLuint)~3; +} + extern int __glXTypeSize(GLenum enm); extern int __glXImageSize(GLenum format, GLenum type, GLenum target, GLsizei w, GLsizei h, GLsizei d, -- 1.9.0 _______________________________________________ xorg-security mailing list xorg-security@lists.x.org http://lists.x.org/mailman/listinfo/xorg-security
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor