File U_glx_05_add_safe_add_mul_pad_v3.patch of Package xorg-x11-server

Overview Repositories Revisions Requests Users Attributes Meta

File U_glx_05_add_safe_add_mul_pad_v3.patch of Package xorg-x11-server

Subject: glx: Add safe_{add,mul,pad} (v3)
References: bnc#882226
Patch-Mainline: Upstream
Signed-off-by: Michal Srb <msrb@suse.com>

These are paranoid about integer overflow, and will return -1 if their
operation would overflow a (signed) integer or if either argument is
negative.

Note that RenderLarge requests are sized with a uint32_t so in principle
this could be sketchy there, but dix limits bigreqs to 128M so you
shouldn't ever notice, and honestly if you're sending more than 2G of
rendering commands you're already doing something very wrong.

v2: Use INT_MAX for consistency with the rest of the server (jcristau)
v3: Reject negative arguments (anholt)

Signed-off-by: Adam Jackson <ajax@redhat.com>
---
 glx/glxserver.h | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/glx/glxserver.h b/glx/glxserver.h
index a324b29..9482601 100644
--- a/glx/glxserver.h
+++ b/glx/glxserver.h
@@ -228,6 +228,47 @@ extern void glxSwapQueryServerStringReply(ClientPtr client,
  * Routines for computing the size of variably-sized rendering commands.
  */
 
+static _X_INLINE int
+safe_add(int a, int b)
+{
+    if (a < 0 || b < 0)
+        return -1;
+
+    if (INT_MAX - a < b)
+        return -1;
+
+    return a + b;
+}
+
+static _X_INLINE int
+safe_mul(int a, int b)
+{
+    if (a < 0 || b < 0)
+        return -1;
+
+    if (a == 0 || b == 0)
+        return 0;
+
+    if (a > INT_MAX / b)
+        return -1;
+
+    return a * b;
+}
+
+static _X_INLINE int
+safe_pad(int a)
+{
+    int ret;
+
+    if (a < 0)
+        return -1;
+
+    if ((ret = safe_add(a, 3)) < 0)
+        return -1;
+
+    return ret & (GLuint)~3;
+}
+
 extern int __glXTypeSize(GLenum enm);
 extern int __glXImageSize(GLenum format, GLenum type,
                           GLenum target, GLsizei w, GLsizei h, GLsizei d,
-- 
1.9.0

_______________________________________________
xorg-security mailing list
xorg-security@lists.x.org
http://lists.x.org/mailman/listinfo/xorg-security

Places

File U_glx_05_add_safe_add_mul_pad_v3.patch of Package xorg-x11-server

Places