fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-08 15:38:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

shader_api: Fix bounds checking of glUniform and glUniformMatrix

Browse source 
Signed-off-by: Nicolai Hähnle <nhaehnle@gmail.com>
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
This commit is contained in:
Nicolai Hähnle 2009-10-03 16:30:16 +02:00
parent ae351599f1
commit 9fde81bb20
1 changed files with 22 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
src/mesa/shader/shader_api.c
View file

@ -1702,8 +1702,8 @@ set_program_uniform(GLcontext *ctx, struct gl_program *program,
/* we'll ignore extra data below */ /* we'll ignore extra data below */
} }
else { else {
/* non-array: count must be one */ /* non-array: count must be at most one; count == 0 is handled by the loop below */
if (count != 1) { if (count > 1) {
_mesa_error(ctx, GL_INVALID_OPERATION, _mesa_error(ctx, GL_INVALID_OPERATION,
"glUniform(uniform is not an array)"); "glUniform(uniform is not an array)");
return; return;
@ -1880,20 +1880,27 @@ set_program_uniform_matrix(GLcontext *ctx, struct gl_program *program,
GLboolean transpose, const GLfloat *values) GLboolean transpose, const GLfloat *values)
{ {
GLuint mat, row, col; GLuint mat, row, col;
GLuint dst = index + offset, src = 0; GLuint src = 0;
const struct gl_program_parameter * param = &program->Parameters->Parameters[index];
const GLint slots = (param->Size + 3) / 4;
const GLint typeSize = sizeof_glsl_type(param->DataType);
GLint nr, nc; GLint nr, nc;
/* check that the number of rows, columns is correct */ /* check that the number of rows, columns is correct */
get_matrix_dims(program->Parameters->Parameters[index].DataType, &nr, &nc); get_matrix_dims(param->DataType, &nr, &nc);
if (rows != nr || cols != nc) { if (rows != nr || cols != nc) {
_mesa_error(ctx, GL_INVALID_OPERATION, _mesa_error(ctx, GL_INVALID_OPERATION,
"glUniformMatrix(matrix size mismatch)"); "glUniformMatrix(matrix size mismatch)");
return; return;
} }
if (index + offset > program->Parameters->Size) { if (param->Size <= typeSize) {
/* out of bounds! */ /* non-array: count must be at most one; count == 0 is handled by the loop below */
return; if (count > 1) {
_mesa_error(ctx, GL_INVALID_OPERATION,
"glUniformMatrix(uniform is not an array)");
return;
}
} }
/* /*
@ -1907,7 +1914,12 @@ set_program_uniform_matrix(GLcontext *ctx, struct gl_program *program,
/* each matrix: */ /* each matrix: */
for (col = 0; col < cols; col++) { for (col = 0; col < cols; col++) {
GLfloat *v = program->Parameters->ParameterValues[dst]; GLfloat *v;
if (offset >= slots) {
/* Ignore writes beyond the end of (the used part of) an array */
return;
}
v = program->Parameters->ParameterValues[index + offset];
for (row = 0; row < rows; row++) { for (row = 0; row < rows; row++) {
if (transpose) { if (transpose) {
v[row] = values[src + row * cols + col]; v[row] = values[src + row * cols + col];
@ -1916,7 +1928,8 @@ set_program_uniform_matrix(GLcontext *ctx, struct gl_program *program,
v[row] = values[src + col * rows + row]; v[row] = values[src + col * rows + row];
} }
} }
dst++;
offset++;
} }
src += rows * cols; /* next matrix */ src += rows * cols; /* next matrix */