From 2eb55601bbb405bf72555409ede8795abb69d3dd Mon Sep 17 00:00:00 2001
From: Brian Paul
Date: Sat, 14 Sep 2013 10:09:24 -0600
Subject: [PATCH] mesa: check for bufSize > 0 in _mesa_GetSynciv()
The spec doesn't say GL_INVALID_VALUE should be raised for bufSize <= 0. In any case, memcpy(len < 0) will lead to a crash, so don't allow it.
CC: "9.2"
Reviewed-by: Ian Romanick
(cherry picked from commit 6659131be3bde0505a85e3a7d27382b273822bee)
---
 src/mesa/main/syncobj.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mesa/main/syncobj.c b/src/mesa/main/syncobj.c
index c8d25cdf13b..4e9b1251efe 100644
--- a/src/mesa/main/syncobj.c
+++ b/src/mesa/main/syncobj.c
@@ -409,7 +409,7 @@ _mesa_GetSynciv(GLsync sync, GLenum pname, GLsizei bufSize, GLsizei *length,
 return;
 }
- if (size > 0) {
+ if (size > 0 && bufSize > 0) {
 const GLsizei copy_count = MIN2(size, bufSize);
 memcpy(values, v, sizeof(GLint) * copy_count);
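Review bot: The new `bufSize > 0` test in `_mesa_GetSynciv` skips the copy silently, with no GL error and no comment, so the reason for the guard survives only in the commit message. With a negative `bufSize`, `MIN2(size, bufSize)` makes `copy_count` negative and `sizeof(GLint) * copy_count` converts to a very large `size_t`, so this condition is what keeps the `memcpy` inside the caller's buffer. A comment above the `if` would record that, for example `/* bufSize <= 0: copy nothing; a negative count would wrap to a huge memcpy length */`. The function continues outside the hunk, so it is worth confirming that whatever is reported through `length` reflects the number of values actually written when the copy is skipped or truncated.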