On 04.03.2016 04:46, Marek Olšák wrote: > > +/** > + * Device information returned by Mesa. > + */ > +typedef struct _mesa_glinterop_device_info { > + uint32_t size; /* size of this structure */
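Review bot: The comment on `size` in `_mesa_glinterop_device_info` says only "size of this structure" and does not state who sets the member or when. Since the struct is documented as information returned by Mesa, the comment should say whether the caller must set `size` to the size it allocated before the call, and what the callee does when that value is smaller or larger than it expects.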
Callees determine how much data they can write by looking at these size members of the *out parameters. That's pretty error-prone: If the callers just pass in a pointer they received from malloc, forgetting to initialize the size member, it'll have a random value, which is quite likely larger than the actual size and what the callee expects as a minimum, in which case the callee will write past the end of the allocated memory => memory corruption, if not a security issue.

If you still don't want to go for a version based scheme instead, I'd suggest passing in the size as an explicit function parameter. (Or at the very least, it needs to be documented very prominently that callers must initialize out->size before calling in; but we know no matter how well that is documented, it'll probably be ignored anyway sooner or later...)

-- 
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
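A sketch of the explicit-size-parameter alternative suggested in the message above, as an added example that is not part of the original message or of Mesa's code. The struct layout, the function names and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical struct for illustration; not Mesa's definition. */
struct example_device_info {
    uint32_t size;      /* output: bytes the callee actually filled in */
    uint32_t vendor_id;
    uint32_t device_id; /* assume this member was added in a later revision */
};

/* Size of the assumed first revision: everything before device_id. */
#define EXAMPLE_INFO_MIN_SIZE offsetof(struct example_device_info, device_id)

/* Callee: out_size is the caller's allocation, passed explicitly so it can
 * never be an uninitialized struct member. Returns 0 on success, -1 if the
 * buffer is missing or smaller than the first revision. */
int example_query_device_info(void *out, size_t out_size)
{
    struct example_device_info full = {0};
    size_t n = out_size < sizeof(full) ? out_size : sizeof(full);
    if (out == NULL || out_size < EXAMPLE_INFO_MIN_SIZE)
        return -1;
    full.size = (uint32_t)n;
    full.vendor_id = 0x1002; /* constructed sample values */
    full.device_id = 0x67df;
    memcpy(out, &full, n);   /* never writes past what the caller allocated */
    return 0;
}

/* Caller built against the first revision: 8 usable bytes followed by guard
 * bytes. Returns 1 if the call succeeded and the guard bytes are untouched. */
int example_old_caller_is_safe(void)
{
    unsigned char buf[16];
    uint32_t filled;
    memset(buf, 0xAA, sizeof(buf)); /* stands in for uninitialized memory */
    if (example_query_device_info(buf, EXAMPLE_INFO_MIN_SIZE) != 0)
        return 0;
    memcpy(&filled, buf, sizeof(filled));
    for (size_t i = EXAMPLE_INFO_MIN_SIZE; i < sizeof(buf); i++)
        if (buf[i] != 0xAA)
            return 0;
    return filled == EXAMPLE_INFO_MIN_SIZE;
}

int main(void) { return example_old_caller_is_safe() ? 0 : 1; }
```

Because the size is a function argument, a caller cannot omit it without a compile error, and stale contents of the output buffer never influence how much the callee writes.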