
display: virtio-gpu-3d: check virgl capabilities max_size

Message ID alpine.LFD.2.20.1612131946260.6601@wniryva
State New

Commit Message

Prasad Pandit Dec. 13, 2016, 2:26 p.m. UTC
+-- On Tue, 13 Dec 2016, Gerd Hoffmann wrote --+
| I guess we want to throw an error (VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER)
| in the error case then instead of leaving resp->hdr.type unset.

  I see, okay. Does the patch below look okay?

===

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Comments

Marc-André Lureau Dec. 13, 2016, 4:01 p.m. UTC | #1
Hi

On Tue, Dec 13, 2016 at 5:27 PM P J P <ppandit@redhat.com> wrote:

> +-- On Tue, 13 Dec 2016, Gerd Hoffmann wrote --+
> | I guess we want to throw an error (VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER)
> | in the error case then instead of leaving resp->hdr.type unset.
>
>   I see, okay. Does the patch below look okay?
>
> ===
> diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
> index 758d33a..6ceeba3 100644
> --- a/hw/display/virtio-gpu-3d.c
> +++ b/hw/display/virtio-gpu-3d.c
> @@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
>
>      virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
>                                 &max_size);
> -    resp = g_malloc(sizeof(*resp) + max_size);
> +    if (!max_size) {
> +        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
> +        return;
> +    }
>
> +    resp = g_malloc(sizeof(*resp) + max_size);
>      resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
>      virgl_renderer_fill_caps(gc.capset_id,
>                               gc.capset_version,
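
Review bot: The new `if (!max_size)` test is only well defined if virgl_renderer_get_cap_set() writes max_size on every path, including for a capset_id it does not recognise, and nothing in this hunk shows max_size being initialized before the call. If the declaration above the hunk leaves it unset, initialize max_ver and max_size to 0 there so the guard never reads an indeterminate value. It would also help to state in the commit message which case yields max_size == 0, since that is the case the guard is meant to catch.
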
> ===
>
>
That looks good to me, waiting for the proper patch.


> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>
> --
Marc-André Lureau

Prasad Pandit Dec. 14, 2016, 7:03 a.m. UTC | #2
+-- On Tue, 13 Dec 2016, Marc-André Lureau wrote --+
| > -    resp = g_malloc(sizeof(*resp) + max_size);
| > +    if (!max_size) {
| > +        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
| > +        return;
| > +    }
| >
| > +    resp = g_malloc(sizeof(*resp) + max_size);
| >      resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
|
| That looks good to me, waiting for the proper patch.

Okay, sent. Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

Patch

===
diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
index 758d33a..6ceeba3 100644
--- a/hw/display/virtio-gpu-3d.c
+++ b/hw/display/virtio-gpu-3d.c
@@ -370,8 +370,12 @@  static void virgl_cmd_get_capset(VirtIOGPU *g,
 
     virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
                                &max_size);
-    resp = g_malloc(sizeof(*resp) + max_size);
+    if (!max_size) {
+        cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
+        return;
+    }
 
+    resp = g_malloc(sizeof(*resp) + max_size);
     resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
     virgl_renderer_fill_caps(gc.capset_id,
                              gc.capset_version,
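
Review bot: The early return in the `if (!max_size)` branch sets cmd->error and sends nothing itself, so it relies on the caller of virgl_cmd_get_capset() turning cmd->error into a response to the guest; that path is outside the hunk and should be confirmed before merging. A one-line comment above the check saying when max_size can be zero would make the intent clear to later readers. Moving the g_malloc() below the check is right, since nothing is allocated on the error path and there is nothing to free.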