From 7118851374074bd92887bfabd47ce39c9be412fd Mon Sep 17 00:00:00 2001 From: Jason Ekstrand Date: Wed, 11 Oct 2017 10:56:48 -0700 Subject: [PATCH] glsl/blob: Return false from ensure_can_read on overrun MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Otherwise, if you have a large read fail and then try to do a small read, the small read may succeed even though it's at the wrong offset. Reviewed-by: Nicolai Hähnle Reviewed-by: Jordan Justen Cc: mesa-stable@lists.freedesktop.org --- src/compiler/glsl/blob.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/compiler/glsl/blob.c b/src/compiler/glsl/blob.c index 3c4aed8..e837cdf 100644 --- a/src/compiler/glsl/blob.c +++ b/src/compiler/glsl/blob.c @@ -207,6 +207,9 @@ blob_reader_init(struct blob_reader *blob, uint8_t *data, size_t size) static bool ensure_can_read(struct blob_reader *blob, size_t size) { + if (blob->overrun) + return false; + if (blob->current < blob->end && blob->end - blob->current >= size) return true; -- 2.7.4
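
Review bot: the new `if (blob->overrun)` early return at the top of ensure_can_read carries no comment saying that an overrun is sticky, so a later reader could take the check for redundant given the bounds test right below it. A one-line comment above it would help, for example "once a read has overrun, every later read must fail, even one that would fit at the current offset". The diffstat also shows only blob.c changing (3 insertions), so nothing exercises the sequence the commit message describes; a test that performs a too-large read and then asserts that a following small read returns failure would keep this from regressing.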