From 1feb45bc365ff4d0df67d0ec6ad1dc31e94d5aca Mon Sep 17 00:00:00 2001 From: Jason Ekstrand Date: Tue, 28 Aug 2018 16:43:57 -0500 Subject: [PATCH] egl/dri2: Guard against invalid fourcc formats MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We already reject attempts to import images with invalid fourcc formats but don't really guard the queries all that well. This makes us error out in any calls to eglQueryDmaBufModifiersEXT if the given format is not a valid fourcc format. We also add an assert to ensure that drivers don't advertise any non-fourcc formats. Cc: mesa-stable@lists.freedesktop.org Tested-By: Eero Tamminen Reviewed-by: Eric Engestrom (cherry picked from commit 8c1b9882b2e0cde0b1ad9c6844fd5939d3bd4b24) Squashed with commit: st/dri: Don't expose sRGB formats to clients Though the SARGB8888 format is used internally through its FourCC value, it is not a real format as defined by drm_fourcc.h; it cannot be used with KMS or other interfaces expecting drm_fourcc.h format codes. Ensure we don't advertise it through the dmabuf format/modifier query interfaces, preventing us from tripping over an assert. Signed-off-by: Daniel Stone Reported-by: Michel Dänzer Fixes: 8c1b9882b2e0 ("egl/dri2: Guard against invalid fourcc formats") Acked-by: Jason Ekstrand (cherry picked from commit 01c0aa9f058673071f908ed775a76b4415464b5c) --- src/egl/drivers/dri2/egl_dri2.c | 15 +++++++++++++++ src/gallium/state_trackers/dri/dri2.c | 6 ++++++ 2 files changed, 21 insertions(+) diff --git a/src/egl/drivers/dri2/egl_dri2.c b/src/egl/drivers/dri2/egl_dri2.c index 84018d86425..da7d8b9cd15 100644 --- a/src/egl/drivers/dri2/egl_dri2.c +++ b/src/egl/drivers/dri2/egl_dri2.c @@ -2353,6 +2353,18 @@ dri2_query_dma_buf_formats(_EGLDriver *drv, _EGLDisplay *disp, formats, count)) return EGL_FALSE; + if (max > 0) { + /* Assert that all of the formats returned are actually fourcc formats. + * Some day, if we want the internal interface function to be able to + * return the fake fourcc formats defined in dri_interface.h, we'll have + * to do something more clever here to pair the list down to just real + * fourcc formats so that we don't leak the fake internal ones. + */ + for (int i = 0; i < *count; i++) { + assert(dri2_num_fourcc_format_planes(formats[i]) > 0); + } + } + return EGL_TRUE; } @@ -2363,6 +2375,9 @@ dri2_query_dma_buf_modifiers(_EGLDriver *drv, _EGLDisplay *disp, EGLint format, { struct dri2_egl_display *dri2_dpy = dri2_egl_display(disp); + if (dri2_num_fourcc_format_planes(format) == 0) + return _eglError(EGL_BAD_PARAMETER, "invalid fourcc format"); + if (max < 0) return _eglError(EGL_BAD_PARAMETER, "invalid value for max count of formats"); diff --git a/src/gallium/state_trackers/dri/dri2.c b/src/gallium/state_trackers/dri/dri2.c index 2ac32205d9a..c8a484e3926 100644 --- a/src/gallium/state_trackers/dri/dri2.c +++ b/src/gallium/state_trackers/dri/dri2.c @@ -1485,6 +1485,12 @@ dri2_query_dma_buf_formats(__DRIscreen *_screen, int max, int *formats, for (i = 0, j = 0; (i < ARRAY_SIZE(fourcc_formats)) && (j < max || max == 0); i++) { + /* The sRGB format is not a real FourCC as defined by drm_fourcc.h, so we + * must not leak it out to clients. + */ + if (fourcc_formats[i] == __DRI_IMAGE_FOURCC_SARGB8888) + continue; + if (pscreen->is_format_supported(pscreen, fourcc_to_pipe_format( fourcc_formats[i]),