From: Daekwang Ryu
Date: Thu, 16 Feb 2017 07:54:47 +0000 (+0900)
Subject: evas_gl: Check bounds of num_fbo_fmts
X-Git-Tag: submit/tizen/20170221.045909~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b0f05b0df0c65b89721fd84ae05a78e36c4f2474;p=platform%2Fupstream%2Fefl.git

evas_gl: Check bounds of num_fbo_fmts

Valid range of num_fbo_fmts is 0 ~ 100. Max value comes from caps.fbo_fmts length.

Change-Id: I40349c5a412809ebb3bb9cebe0e12bde454a6eaf
---

diff --git a/src/modules/evas/engines/gl_common/evas_gl_core.c b/src/modules/evas/engines/gl_common/evas_gl_core.c
index 42ba2df4e2..811688ad46 100644
--- a/src/modules/evas/engines/gl_common/evas_gl_core.c
+++ b/src/modules/evas/engines/gl_common/evas_gl_core.c
@@ -783,6 +783,13 @@ _surface_cap_load(Eet_File *ef)
 if ((!data) || (length <= 0)) goto finish;
 if (data[length - 1] != 0) goto finish;
 evgl_engine->caps.num_fbo_fmts = atoi(data);
+
+ if (evgl_engine->caps.num_fbo_fmts < 0 || evgl_engine->caps.num_fbo_fmts > 100)
+ {
+ ERR("num_fbo_fmts is invalid. %d", evgl_engine->caps.num_fbo_fmts);
+ goto finish;
+ }
+
 free(data);
 data = NULL;
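Review bot: The count read from the cache file is stored into `evgl_engine->caps.num_fbo_fmts` before it is validated, so on the new `goto finish` path the engine state still holds the out-of-range value; the `finish` label is outside the hunk, so whether it resets the field cannot be seen here. Parsing into a local and assigning only after the check avoids that: `int n = atoi(data);`, then `if (n < 0 || n > (int)EINA_C_ARRAY_LENGTH(evgl_engine->caps.fbo_fmts)) { ERR("num_fbo_fmts is invalid. %d", n); goto finish; }`, then `evgl_engine->caps.num_fbo_fmts = n;`. Taking the limit from the array itself rather than the literal `100` keeps the check correct if the array is ever resized, assuming `fbo_fmts` is the fixed-size array the commit message refers to. The body of `_surface_cap_load` starts and ends outside the hunk.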