repositories / deb_xorg-server.git / blame
| Commit | Line | Data |
|---|---|---|
| 7217e0ca ML |
1 | From d303d79450436a1ef04252c2a7e36870c2506f38 Mon Sep 17 00:00:00 2001 |
| 2 | From: Adam Jackson <ajax@redhat.com> | |
| 3 | Date: Mon, 10 Nov 2014 12:13:48 -0500 | |
| 4 | Subject: [PATCH 32/33] glx: Pass remaining request length into ->varsize (v2) | |
| 5 | [CVE-2014-8098 8/8] | |
| 6 | ||
| 7 | v2: Handle more multiplies in indirect_reqsize.c (Julien Cristau) | |
| 8 | ||
| 9 | Reviewed-by: Julien Cristau <jcristau@debian.org> | |
| 10 | Reviewed-by: Michal Srb <msrb@suse.com> | |
| 11 | Reviewed-by: Andy Ritger <aritger@nvidia.com> | |
| 12 | Signed-off-by: Adam Jackson <ajax@redhat.com> | |
| 13 | Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> | |
| 14 | --- | |
| 15 | glx/glxcmds.c | 7 +- | |
| 16 | glx/glxserver.h | 2 +- | |
| 17 | glx/indirect_reqsize.c | 142 +++++++++++++++++++------------------ | |
| 18 | glx/indirect_reqsize.h | 181 +++++++++++++++++++++++++++++------------------- | |
| 19 | glx/rensize.c | 27 +++++--- | |
| 20 | 5 files changed, 205 insertions(+), 154 deletions(-) | |
| 21 | ||
| 4db25562 JB |
22 | --- a/glx/glxcmds.c |
| 23 | +++ b/glx/glxcmds.c | |
| 24 | @@ -2057,7 +2057,8 @@ __glXDisp_Render(__GLXclientState * cl, | |
| 7217e0ca ML |
25 | if (entry.varsize) { |
| 26 | /* variable size command */ | |
| 27 | extra = (*entry.varsize) (pc + __GLX_RENDER_HDR_SIZE, | |
| 28 | - client->swapped); | |
| 29 | + client->swapped, | |
| 30 | + left - __GLX_RENDER_HDR_SIZE); | |
| 31 | if (extra < 0) { | |
| 32 | return BadLength; | |
| 33 | } | |
| 4db25562 | 34 | @@ -2134,6 +2135,7 @@ __glXDisp_RenderLarge(__GLXclientState * |
| 7217e0ca ML |
35 | if (cl->largeCmdRequestsSoFar == 0) { |
| 36 | __GLXrenderSizeData entry; | |
| 37 | int extra = 0; | |
| 38 | + int left = (req->length << 2) - sz_xGLXRenderLargeReq; | |
| 39 | size_t cmdlen; | |
| 40 | int err; | |
| 41 | ||
| 4db25562 | 42 | @@ -2174,7 +2176,8 @@ __glXDisp_RenderLarge(__GLXclientState * |
| 7217e0ca ML |
43 | ** will be in the 1st request, so it's okay to do this. |
| 44 | */ | |
| 45 | extra = (*entry.varsize) (pc + __GLX_RENDER_LARGE_HDR_SIZE, | |
| 46 | - client->swapped); | |
| 47 | + client->swapped, | |
| 48 | + left - __GLX_RENDER_LARGE_HDR_SIZE); | |
| 49 | if (extra < 0) { | |
| 50 | return BadLength; | |
| 51 | } | |
| 4db25562 JB |
52 | --- a/glx/glxserver.h |
| 53 | +++ b/glx/glxserver.h | |
| 54 | @@ -179,7 +179,7 @@ typedef int (*__GLXprocPtr) (__GLXclient | |
| 7217e0ca ML |
55 | /* |
| 56 | * Tables for computing the size of each rendering command. | |
| 57 | */ | |
| 58 | -typedef int (*gl_proto_size_func) (const GLbyte *, Bool); | |
| 59 | +typedef int (*gl_proto_size_func) (const GLbyte *, Bool, int); | |
| 60 | ||
| 61 | typedef struct { | |
| 62 | int bytes; | |
| 4db25562 JB |
63 | --- a/glx/indirect_reqsize.c |
| 64 | +++ b/glx/indirect_reqsize.c | |
| 7217e0ca ML |
65 | @@ -31,24 +31,22 @@ |
| 66 | #include "indirect_size.h" | |
| 67 | #include "indirect_reqsize.h" | |
| 68 | ||
| 69 | -#define __GLX_PAD(x) (((x) + 3) & ~3) | |
| 70 | - | |
| 71 | #if defined(__CYGWIN__) || defined(__MINGW32__) | |
| 72 | #undef HAVE_ALIAS | |
| 73 | #endif | |
| 74 | #ifdef HAVE_ALIAS | |
| 75 | #define ALIAS2(from,to) \ | |
| 76 | - GLint __glX ## from ## ReqSize( const GLbyte * pc, Bool swap ) \ | |
| 77 | + GLint __glX ## from ## ReqSize( const GLbyte * pc, Bool swap, int reqlen ) \ | |
| 78 | __attribute__ ((alias( # to ))); | |
| 79 | #define ALIAS(from,to) ALIAS2( from, __glX ## to ## ReqSize ) | |
| 80 | #else | |
| 81 | #define ALIAS(from,to) \ | |
| 82 | - GLint __glX ## from ## ReqSize( const GLbyte * pc, Bool swap ) \ | |
| 83 | - { return __glX ## to ## ReqSize( pc, swap ); } | |
| 84 | + GLint __glX ## from ## ReqSize( const GLbyte * pc, Bool swap, int reqlen ) \ | |
| 85 | + { return __glX ## to ## ReqSize( pc, swap, reqlen ); } | |
| 86 | #endif | |
| 87 | ||
| 88 | int | |
| 89 | -__glXCallListsReqSize(const GLbyte * pc, Bool swap) | |
| 90 | +__glXCallListsReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 91 | { | |
| 92 | GLsizei n = *(GLsizei *) (pc + 0); | |
| 93 | GLenum type = *(GLenum *) (pc + 4); | |
| 4db25562 | 94 | @@ -60,11 +58,11 @@ __glXCallListsReqSize(const GLbyte * pc, |
| 7217e0ca ML |
95 | } |
| 96 | ||
| 97 | compsize = __glCallLists_size(type); | |
| 98 | - return __GLX_PAD((compsize * n)); | |
| 99 | + return safe_pad(safe_mul(compsize, n)); | |
| 100 | } | |
| 101 | ||
| 102 | int | |
| 103 | -__glXBitmapReqSize(const GLbyte * pc, Bool swap) | |
| 104 | +__glXBitmapReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 105 | { | |
| 106 | GLint row_length = *(GLint *) (pc + 4); | |
| 107 | GLint image_height = 0; | |
| 4db25562 | 108 | @@ -88,7 +86,7 @@ __glXBitmapReqSize(const GLbyte * pc, Bo |
| 7217e0ca ML |
109 | } |
| 110 | ||
| 111 | int | |
| 112 | -__glXFogfvReqSize(const GLbyte * pc, Bool swap) | |
| 113 | +__glXFogfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 114 | { | |
| 115 | GLenum pname = *(GLenum *) (pc + 0); | |
| 116 | GLsizei compsize; | |
| 4db25562 | 117 | @@ -98,11 +96,11 @@ __glXFogfvReqSize(const GLbyte * pc, Boo |
| 7217e0ca ML |
118 | } |
| 119 | ||
| 120 | compsize = __glFogfv_size(pname); | |
| 121 | - return __GLX_PAD((compsize * 4)); | |
| 122 | + return safe_pad(safe_mul(compsize, 4)); | |
| 123 | } | |
| 124 | ||
| 125 | int | |
| 126 | -__glXLightfvReqSize(const GLbyte * pc, Bool swap) | |
| 127 | +__glXLightfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 128 | { | |
| 129 | GLenum pname = *(GLenum *) (pc + 4); | |
| 130 | GLsizei compsize; | |
| 4db25562 | 131 | @@ -112,11 +110,11 @@ __glXLightfvReqSize(const GLbyte * pc, B |
| 7217e0ca ML |
132 | } |
| 133 | ||
| 134 | compsize = __glLightfv_size(pname); | |
| 135 | - return __GLX_PAD((compsize * 4)); | |
| 136 | + return safe_pad(safe_mul(compsize, 4)); | |
| 137 | } | |
| 138 | ||
| 139 | int | |
| 140 | -__glXLightModelfvReqSize(const GLbyte * pc, Bool swap) | |
| 141 | +__glXLightModelfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 142 | { | |
| 143 | GLenum pname = *(GLenum *) (pc + 0); | |
| 144 | GLsizei compsize; | |
| 4db25562 | 145 | @@ -126,11 +124,11 @@ __glXLightModelfvReqSize(const GLbyte * |
| 7217e0ca ML |
146 | } |
| 147 | ||
| 148 | compsize = __glLightModelfv_size(pname); | |
| 149 | - return __GLX_PAD((compsize * 4)); | |
| 150 | + return safe_pad(safe_mul(compsize, 4)); | |
| 151 | } | |
| 152 | ||
| 153 | int | |
| 154 | -__glXMaterialfvReqSize(const GLbyte * pc, Bool swap) | |
| 155 | +__glXMaterialfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 156 | { | |
| 157 | GLenum pname = *(GLenum *) (pc + 4); | |
| 158 | GLsizei compsize; | |
| 4db25562 | 159 | @@ -140,11 +138,11 @@ __glXMaterialfvReqSize(const GLbyte * pc |
| 7217e0ca ML |
160 | } |
| 161 | ||
| 162 | compsize = __glMaterialfv_size(pname); | |
| 163 | - return __GLX_PAD((compsize * 4)); | |
| 164 | + return safe_pad(safe_mul(compsize, 4)); | |
| 165 | } | |
| 166 | ||
| 167 | int | |
| 168 | -__glXPolygonStippleReqSize(const GLbyte * pc, Bool swap) | |
| 169 | +__glXPolygonStippleReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 170 | { | |
| 171 | GLint row_length = *(GLint *) (pc + 4); | |
| 172 | GLint image_height = 0; | |
| 4db25562 | 173 | @@ -164,7 +162,7 @@ __glXPolygonStippleReqSize(const GLbyte |
| 7217e0ca ML |
174 | } |
| 175 | ||
| 176 | int | |
| 177 | -__glXTexParameterfvReqSize(const GLbyte * pc, Bool swap) | |
| 178 | +__glXTexParameterfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 179 | { | |
| 180 | GLenum pname = *(GLenum *) (pc + 4); | |
| 181 | GLsizei compsize; | |
| 4db25562 | 182 | @@ -174,11 +172,11 @@ __glXTexParameterfvReqSize(const GLbyte |
| 7217e0ca ML |
183 | } |
| 184 | ||
| 185 | compsize = __glTexParameterfv_size(pname); | |
| 186 | - return __GLX_PAD((compsize * 4)); | |
| 187 | + return safe_pad(safe_mul(compsize, 4)); | |
| 188 | } | |
| 189 | ||
| 190 | int | |
| 191 | -__glXTexImage1DReqSize(const GLbyte * pc, Bool swap) | |
| 192 | +__glXTexImage1DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 193 | { | |
| 194 | GLint row_length = *(GLint *) (pc + 4); | |
| 195 | GLint image_height = 0; | |
| 4db25562 | 196 | @@ -206,7 +204,7 @@ __glXTexImage1DReqSize(const GLbyte * pc |
| 7217e0ca ML |
197 | } |
| 198 | ||
| 199 | int | |
| 200 | -__glXTexImage2DReqSize(const GLbyte * pc, Bool swap) | |
| 201 | +__glXTexImage2DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 202 | { | |
| 203 | GLint row_length = *(GLint *) (pc + 4); | |
| 204 | GLint image_height = 0; | |
| 4db25562 | 205 | @@ -236,7 +234,7 @@ __glXTexImage2DReqSize(const GLbyte * pc |
| 7217e0ca ML |
206 | } |
| 207 | ||
| 208 | int | |
| 209 | -__glXTexEnvfvReqSize(const GLbyte * pc, Bool swap) | |
| 210 | +__glXTexEnvfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 211 | { | |
| 212 | GLenum pname = *(GLenum *) (pc + 4); | |
| 213 | GLsizei compsize; | |
| 4db25562 | 214 | @@ -246,11 +244,11 @@ __glXTexEnvfvReqSize(const GLbyte * pc, |
| 7217e0ca ML |
215 | } |
| 216 | ||
| 217 | compsize = __glTexEnvfv_size(pname); | |
| 218 | - return __GLX_PAD((compsize * 4)); | |
| 219 | + return safe_pad(safe_mul(compsize, 4)); | |
| 220 | } | |
| 221 | ||
| 222 | int | |
| 223 | -__glXTexGendvReqSize(const GLbyte * pc, Bool swap) | |
| 224 | +__glXTexGendvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 225 | { | |
| 226 | GLenum pname = *(GLenum *) (pc + 4); | |
| 227 | GLsizei compsize; | |
| 4db25562 | 228 | @@ -260,11 +258,11 @@ __glXTexGendvReqSize(const GLbyte * pc, |
| 7217e0ca ML |
229 | } |
| 230 | ||
| 231 | compsize = __glTexGendv_size(pname); | |
| 232 | - return __GLX_PAD((compsize * 8)); | |
| 233 | + return safe_pad(safe_mul(compsize, 8)); | |
| 234 | } | |
| 235 | ||
| 236 | int | |
| 237 | -__glXTexGenfvReqSize(const GLbyte * pc, Bool swap) | |
| 238 | +__glXTexGenfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 239 | { | |
| 240 | GLenum pname = *(GLenum *) (pc + 4); | |
| 241 | GLsizei compsize; | |
| 4db25562 | 242 | @@ -274,11 +272,11 @@ __glXTexGenfvReqSize(const GLbyte * pc, |
| 7217e0ca ML |
243 | } |
| 244 | ||
| 245 | compsize = __glTexGenfv_size(pname); | |
| 246 | - return __GLX_PAD((compsize * 4)); | |
| 247 | + return safe_pad(safe_mul(compsize, 4)); | |
| 248 | } | |
| 249 | ||
| 250 | int | |
| 251 | -__glXPixelMapfvReqSize(const GLbyte * pc, Bool swap) | |
| 252 | +__glXPixelMapfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 253 | { | |
| 254 | GLsizei mapsize = *(GLsizei *) (pc + 4); | |
| 255 | ||
| 4db25562 | 256 | @@ -286,11 +284,11 @@ __glXPixelMapfvReqSize(const GLbyte * pc |
| 7217e0ca ML |
257 | mapsize = bswap_32(mapsize); |
| 258 | } | |
| 259 | ||
| 260 | - return __GLX_PAD((mapsize * 4)); | |
| 261 | + return safe_pad(safe_mul(mapsize, 4)); | |
| 262 | } | |
| 263 | ||
| 264 | int | |
| 265 | -__glXPixelMapusvReqSize(const GLbyte * pc, Bool swap) | |
| 266 | +__glXPixelMapusvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 267 | { | |
| 268 | GLsizei mapsize = *(GLsizei *) (pc + 4); | |
| 269 | ||
| 4db25562 | 270 | @@ -298,11 +296,11 @@ __glXPixelMapusvReqSize(const GLbyte * p |
| 7217e0ca ML |
271 | mapsize = bswap_32(mapsize); |
| 272 | } | |
| 273 | ||
| 274 | - return __GLX_PAD((mapsize * 2)); | |
| 275 | + return safe_pad(safe_mul(mapsize, 2)); | |
| 276 | } | |
| 277 | ||
| 278 | int | |
| 279 | -__glXDrawPixelsReqSize(const GLbyte * pc, Bool swap) | |
| 280 | +__glXDrawPixelsReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 281 | { | |
| 282 | GLint row_length = *(GLint *) (pc + 4); | |
| 283 | GLint image_height = 0; | |
| 4db25562 | 284 | @@ -330,7 +328,7 @@ __glXDrawPixelsReqSize(const GLbyte * pc |
| 7217e0ca ML |
285 | } |
| 286 | ||
| 287 | int | |
| 288 | -__glXPrioritizeTexturesReqSize(const GLbyte * pc, Bool swap) | |
| 289 | +__glXPrioritizeTexturesReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 290 | { | |
| 291 | GLsizei n = *(GLsizei *) (pc + 0); | |
| 292 | ||
| 4db25562 | 293 | @@ -338,11 +336,11 @@ __glXPrioritizeTexturesReqSize(const GLb |
| 7217e0ca ML |
294 | n = bswap_32(n); |
| 295 | } | |
| 296 | ||
| 297 | - return __GLX_PAD((n * 4) + (n * 4)); | |
| 298 | + return safe_pad(safe_add(safe_mul(n, 4), safe_mul(n, 4))); | |
| 299 | } | |
| 300 | ||
| 301 | int | |
| 302 | -__glXTexSubImage1DReqSize(const GLbyte * pc, Bool swap) | |
| 303 | +__glXTexSubImage1DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 304 | { | |
| 305 | GLint row_length = *(GLint *) (pc + 4); | |
| 306 | GLint image_height = 0; | |
| 4db25562 | 307 | @@ -370,7 +368,7 @@ __glXTexSubImage1DReqSize(const GLbyte * |
| 7217e0ca ML |
308 | } |
| 309 | ||
| 310 | int | |
| 311 | -__glXTexSubImage2DReqSize(const GLbyte * pc, Bool swap) | |
| 312 | +__glXTexSubImage2DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 313 | { | |
| 314 | GLint row_length = *(GLint *) (pc + 4); | |
| 315 | GLint image_height = 0; | |
| 4db25562 | 316 | @@ -400,7 +398,7 @@ __glXTexSubImage2DReqSize(const GLbyte * |
| 7217e0ca ML |
317 | } |
| 318 | ||
| 319 | int | |
| 320 | -__glXColorTableReqSize(const GLbyte * pc, Bool swap) | |
| 321 | +__glXColorTableReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 322 | { | |
| 323 | GLint row_length = *(GLint *) (pc + 4); | |
| 324 | GLint image_height = 0; | |
| 4db25562 | 325 | @@ -428,7 +426,7 @@ __glXColorTableReqSize(const GLbyte * pc |
| 7217e0ca ML |
326 | } |
| 327 | ||
| 328 | int | |
| 329 | -__glXColorTableParameterfvReqSize(const GLbyte * pc, Bool swap) | |
| 330 | +__glXColorTableParameterfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 331 | { | |
| 332 | GLenum pname = *(GLenum *) (pc + 4); | |
| 333 | GLsizei compsize; | |
| 4db25562 | 334 | @@ -438,11 +436,11 @@ __glXColorTableParameterfvReqSize(const |
| 7217e0ca ML |
335 | } |
| 336 | ||
| 337 | compsize = __glColorTableParameterfv_size(pname); | |
| 338 | - return __GLX_PAD((compsize * 4)); | |
| 339 | + return safe_pad(safe_mul(compsize, 4)); | |
| 340 | } | |
| 341 | ||
| 342 | int | |
| 343 | -__glXColorSubTableReqSize(const GLbyte * pc, Bool swap) | |
| 344 | +__glXColorSubTableReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 345 | { | |
| 346 | GLint row_length = *(GLint *) (pc + 4); | |
| 347 | GLint image_height = 0; | |
| 4db25562 | 348 | @@ -470,7 +468,7 @@ __glXColorSubTableReqSize(const GLbyte * |
| 7217e0ca ML |
349 | } |
| 350 | ||
| 351 | int | |
| 352 | -__glXConvolutionFilter1DReqSize(const GLbyte * pc, Bool swap) | |
| 353 | +__glXConvolutionFilter1DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 354 | { | |
| 355 | GLint row_length = *(GLint *) (pc + 4); | |
| 356 | GLint image_height = 0; | |
| 4db25562 | 357 | @@ -498,7 +496,7 @@ __glXConvolutionFilter1DReqSize(const GL |
| 7217e0ca ML |
358 | } |
| 359 | ||
| 360 | int | |
| 361 | -__glXConvolutionFilter2DReqSize(const GLbyte * pc, Bool swap) | |
| 362 | +__glXConvolutionFilter2DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 363 | { | |
| 364 | GLint row_length = *(GLint *) (pc + 4); | |
| 365 | GLint image_height = 0; | |
| 4db25562 | 366 | @@ -528,7 +526,7 @@ __glXConvolutionFilter2DReqSize(const GL |
| 7217e0ca ML |
367 | } |
| 368 | ||
| 369 | int | |
| 370 | -__glXConvolutionParameterfvReqSize(const GLbyte * pc, Bool swap) | |
| 371 | +__glXConvolutionParameterfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 372 | { | |
| 373 | GLenum pname = *(GLenum *) (pc + 4); | |
| 374 | GLsizei compsize; | |
| 4db25562 | 375 | @@ -538,11 +536,11 @@ __glXConvolutionParameterfvReqSize(const |
| 7217e0ca ML |
376 | } |
| 377 | ||
| 378 | compsize = __glConvolutionParameterfv_size(pname); | |
| 379 | - return __GLX_PAD((compsize * 4)); | |
| 380 | + return safe_pad(safe_mul(compsize, 4)); | |
| 381 | } | |
| 382 | ||
| 383 | int | |
| 384 | -__glXTexImage3DReqSize(const GLbyte * pc, Bool swap) | |
| 385 | +__glXTexImage3DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 386 | { | |
| 387 | GLint row_length = *(GLint *) (pc + 4); | |
| 388 | GLint image_height = *(GLint *) (pc + 8); | |
| 4db25562 | 389 | @@ -579,7 +577,7 @@ __glXTexImage3DReqSize(const GLbyte * pc |
| 7217e0ca ML |
390 | } |
| 391 | ||
| 392 | int | |
| 393 | -__glXTexSubImage3DReqSize(const GLbyte * pc, Bool swap) | |
| 394 | +__glXTexSubImage3DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 395 | { | |
| 396 | GLint row_length = *(GLint *) (pc + 4); | |
| 397 | GLint image_height = *(GLint *) (pc + 8); | |
| 4db25562 | 398 | @@ -613,7 +611,7 @@ __glXTexSubImage3DReqSize(const GLbyte * |
| 7217e0ca ML |
399 | } |
| 400 | ||
| 401 | int | |
| 402 | -__glXCompressedTexImage1DReqSize(const GLbyte * pc, Bool swap) | |
| 403 | +__glXCompressedTexImage1DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 404 | { | |
| 405 | GLsizei imageSize = *(GLsizei *) (pc + 20); | |
| 406 | ||
| 4db25562 | 407 | @@ -621,11 +619,11 @@ __glXCompressedTexImage1DReqSize(const G |
| 7217e0ca ML |
408 | imageSize = bswap_32(imageSize); |
| 409 | } | |
| 410 | ||
| 411 | - return __GLX_PAD(imageSize); | |
| 412 | + return safe_pad(imageSize); | |
| 413 | } | |
| 414 | ||
| 415 | int | |
| 416 | -__glXCompressedTexImage2DReqSize(const GLbyte * pc, Bool swap) | |
| 417 | +__glXCompressedTexImage2DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 418 | { | |
| 419 | GLsizei imageSize = *(GLsizei *) (pc + 24); | |
| 420 | ||
| 4db25562 | 421 | @@ -633,11 +631,11 @@ __glXCompressedTexImage2DReqSize(const G |
| 7217e0ca ML |
422 | imageSize = bswap_32(imageSize); |
| 423 | } | |
| 424 | ||
| 425 | - return __GLX_PAD(imageSize); | |
| 426 | + return safe_pad(imageSize); | |
| 427 | } | |
| 428 | ||
| 429 | int | |
| 430 | -__glXCompressedTexImage3DReqSize(const GLbyte * pc, Bool swap) | |
| 431 | +__glXCompressedTexImage3DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 432 | { | |
| 433 | GLsizei imageSize = *(GLsizei *) (pc + 28); | |
| 434 | ||
| 4db25562 | 435 | @@ -645,11 +643,11 @@ __glXCompressedTexImage3DReqSize(const G |
| 7217e0ca ML |
436 | imageSize = bswap_32(imageSize); |
| 437 | } | |
| 438 | ||
| 439 | - return __GLX_PAD(imageSize); | |
| 440 | + return safe_pad(imageSize); | |
| 441 | } | |
| 442 | ||
| 443 | int | |
| 444 | -__glXCompressedTexSubImage3DReqSize(const GLbyte * pc, Bool swap) | |
| 445 | +__glXCompressedTexSubImage3DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 446 | { | |
| 447 | GLsizei imageSize = *(GLsizei *) (pc + 36); | |
| 448 | ||
| 4db25562 | 449 | @@ -657,11 +655,11 @@ __glXCompressedTexSubImage3DReqSize(cons |
| 7217e0ca ML |
450 | imageSize = bswap_32(imageSize); |
| 451 | } | |
| 452 | ||
| 453 | - return __GLX_PAD(imageSize); | |
| 454 | + return safe_pad(imageSize); | |
| 455 | } | |
| 456 | ||
| 457 | int | |
| 458 | -__glXPointParameterfvReqSize(const GLbyte * pc, Bool swap) | |
| 459 | +__glXPointParameterfvReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 460 | { | |
| 461 | GLenum pname = *(GLenum *) (pc + 0); | |
| 462 | GLsizei compsize; | |
| 4db25562 | 463 | @@ -671,11 +669,11 @@ __glXPointParameterfvReqSize(const GLbyt |
| 7217e0ca ML |
464 | } |
| 465 | ||
| 466 | compsize = __glPointParameterfv_size(pname); | |
| 467 | - return __GLX_PAD((compsize * 4)); | |
| 468 | + return safe_pad(safe_mul(compsize, 4)); | |
| 469 | } | |
| 470 | ||
| 471 | int | |
| 472 | -__glXDrawBuffersReqSize(const GLbyte * pc, Bool swap) | |
| 473 | +__glXDrawBuffersReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 474 | { | |
| 475 | GLsizei n = *(GLsizei *) (pc + 0); | |
| 476 | ||
| 4db25562 | 477 | @@ -683,11 +681,11 @@ __glXDrawBuffersReqSize(const GLbyte * p |
| 7217e0ca ML |
478 | n = bswap_32(n); |
| 479 | } | |
| 480 | ||
| 481 | - return __GLX_PAD((n * 4)); | |
| 482 | + return safe_pad(safe_mul(n, 4)); | |
| 483 | } | |
| 484 | ||
| 485 | int | |
| 486 | -__glXProgramStringARBReqSize(const GLbyte * pc, Bool swap) | |
| 487 | +__glXProgramStringARBReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 488 | { | |
| 489 | GLsizei len = *(GLsizei *) (pc + 8); | |
| 490 | ||
| 4db25562 | 491 | @@ -695,11 +693,11 @@ __glXProgramStringARBReqSize(const GLbyt |
| 7217e0ca ML |
492 | len = bswap_32(len); |
| 493 | } | |
| 494 | ||
| 495 | - return __GLX_PAD(len); | |
| 496 | + return safe_pad(len); | |
| 497 | } | |
| 498 | ||
| 499 | int | |
| 500 | -__glXVertexAttribs1dvNVReqSize(const GLbyte * pc, Bool swap) | |
| 501 | +__glXVertexAttribs1dvNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 502 | { | |
| 503 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 504 | ||
| 4db25562 | 505 | @@ -707,11 +705,11 @@ __glXVertexAttribs1dvNVReqSize(const GLb |
| 7217e0ca ML |
506 | n = bswap_32(n); |
| 507 | } | |
| 508 | ||
| 509 | - return __GLX_PAD((n * 8)); | |
| 510 | + return safe_pad(safe_mul(n, 8)); | |
| 511 | } | |
| 512 | ||
| 513 | int | |
| 514 | -__glXVertexAttribs2dvNVReqSize(const GLbyte * pc, Bool swap) | |
| 515 | +__glXVertexAttribs2dvNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 516 | { | |
| 517 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 518 | ||
| 4db25562 | 519 | @@ -719,11 +717,11 @@ __glXVertexAttribs2dvNVReqSize(const GLb |
| 7217e0ca ML |
520 | n = bswap_32(n); |
| 521 | } | |
| 522 | ||
| 523 | - return __GLX_PAD((n * 16)); | |
| 524 | + return safe_pad(safe_mul(n, 16)); | |
| 525 | } | |
| 526 | ||
| 527 | int | |
| 528 | -__glXVertexAttribs3dvNVReqSize(const GLbyte * pc, Bool swap) | |
| 529 | +__glXVertexAttribs3dvNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 530 | { | |
| 531 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 532 | ||
| 4db25562 | 533 | @@ -731,11 +729,11 @@ __glXVertexAttribs3dvNVReqSize(const GLb |
| 7217e0ca ML |
534 | n = bswap_32(n); |
| 535 | } | |
| 536 | ||
| 537 | - return __GLX_PAD((n * 24)); | |
| 538 | + return safe_pad(safe_mul(n, 24)); | |
| 539 | } | |
| 540 | ||
| 541 | int | |
| 542 | -__glXVertexAttribs3fvNVReqSize(const GLbyte * pc, Bool swap) | |
| 543 | +__glXVertexAttribs3fvNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 544 | { | |
| 545 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 546 | ||
| 4db25562 | 547 | @@ -743,11 +741,11 @@ __glXVertexAttribs3fvNVReqSize(const GLb |
| 7217e0ca ML |
548 | n = bswap_32(n); |
| 549 | } | |
| 550 | ||
| 551 | - return __GLX_PAD((n * 12)); | |
| 552 | + return safe_pad(safe_mul(n, 12)); | |
| 553 | } | |
| 554 | ||
| 555 | int | |
| 556 | -__glXVertexAttribs3svNVReqSize(const GLbyte * pc, Bool swap) | |
| 557 | +__glXVertexAttribs3svNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 558 | { | |
| 559 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 560 | ||
| 4db25562 | 561 | @@ -755,11 +753,11 @@ __glXVertexAttribs3svNVReqSize(const GLb |
| 7217e0ca ML |
562 | n = bswap_32(n); |
| 563 | } | |
| 564 | ||
| 565 | - return __GLX_PAD((n * 6)); | |
| 566 | + return safe_pad(safe_mul(n, 6)); | |
| 567 | } | |
| 568 | ||
| 569 | int | |
| 570 | -__glXVertexAttribs4dvNVReqSize(const GLbyte * pc, Bool swap) | |
| 571 | +__glXVertexAttribs4dvNVReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 572 | { | |
| 573 | GLsizei n = *(GLsizei *) (pc + 4); | |
| 574 | ||
| 4db25562 | 575 | @@ -767,7 +765,7 @@ __glXVertexAttribs4dvNVReqSize(const GLb |
| 7217e0ca ML |
576 | n = bswap_32(n); |
| 577 | } | |
| 578 | ||
| 579 | - return __GLX_PAD((n * 32)); | |
| 580 | + return safe_pad(safe_mul(n, 32)); | |
| 581 | } | |
| 582 | ||
| 583 | ALIAS(Fogiv, Fogfv) | |
| 4db25562 JB |
584 | --- a/glx/indirect_reqsize.h |
| 585 | +++ b/glx/indirect_reqsize.h | |
| 7217e0ca ML |
586 | @@ -36,115 +36,156 @@ |
| 587 | #define PURE | |
| 588 | #endif | |
| 589 | ||
| 590 | -extern PURE _X_HIDDEN int __glXCallListsReqSize(const GLbyte * pc, Bool swap); | |
| 591 | -extern PURE _X_HIDDEN int __glXBitmapReqSize(const GLbyte * pc, Bool swap); | |
| 592 | -extern PURE _X_HIDDEN int __glXFogfvReqSize(const GLbyte * pc, Bool swap); | |
| 593 | -extern PURE _X_HIDDEN int __glXFogivReqSize(const GLbyte * pc, Bool swap); | |
| 594 | -extern PURE _X_HIDDEN int __glXLightfvReqSize(const GLbyte * pc, Bool swap); | |
| 595 | -extern PURE _X_HIDDEN int __glXLightivReqSize(const GLbyte * pc, Bool swap); | |
| 596 | -extern PURE _X_HIDDEN int __glXLightModelfvReqSize(const GLbyte * pc, | |
| 597 | - Bool swap); | |
| 598 | -extern PURE _X_HIDDEN int __glXLightModelivReqSize(const GLbyte * pc, | |
| 599 | - Bool swap); | |
| 600 | -extern PURE _X_HIDDEN int __glXMaterialfvReqSize(const GLbyte * pc, Bool swap); | |
| 601 | -extern PURE _X_HIDDEN int __glXMaterialivReqSize(const GLbyte * pc, Bool swap); | |
| 602 | +extern PURE _X_HIDDEN int __glXCallListsReqSize(const GLbyte * pc, Bool swap, | |
| 603 | + int reqlen); | |
| 604 | +extern PURE _X_HIDDEN int __glXBitmapReqSize(const GLbyte * pc, Bool swap, | |
| 605 | + int reqlen); | |
| 606 | +extern PURE _X_HIDDEN int __glXFogfvReqSize(const GLbyte * pc, Bool swap, | |
| 607 | + int reqlen); | |
| 608 | +extern PURE _X_HIDDEN int __glXFogivReqSize(const GLbyte * pc, Bool swap, | |
| 609 | + int reqlen); | |
| 610 | +extern PURE _X_HIDDEN int __glXLightfvReqSize(const GLbyte * pc, Bool swap, | |
| 611 | + int reqlen); | |
| 612 | +extern PURE _X_HIDDEN int __glXLightivReqSize(const GLbyte * pc, Bool swap, | |
| 613 | + int reqlen); | |
| 614 | +extern PURE _X_HIDDEN int __glXLightModelfvReqSize(const GLbyte * pc, Bool swap, | |
| 615 | + int reqlen); | |
| 616 | +extern PURE _X_HIDDEN int __glXLightModelivReqSize(const GLbyte * pc, Bool swap, | |
| 617 | + int reqlen); | |
| 618 | +extern PURE _X_HIDDEN int __glXMaterialfvReqSize(const GLbyte * pc, Bool swap, | |
| 619 | + int reqlen); | |
| 620 | +extern PURE _X_HIDDEN int __glXMaterialivReqSize(const GLbyte * pc, Bool swap, | |
| 621 | + int reqlen); | |
| 622 | extern PURE _X_HIDDEN int __glXPolygonStippleReqSize(const GLbyte * pc, | |
| 623 | - Bool swap); | |
| 624 | + Bool swap, int reqlen); | |
| 625 | extern PURE _X_HIDDEN int __glXTexParameterfvReqSize(const GLbyte * pc, | |
| 626 | - Bool swap); | |
| 627 | + Bool swap, int reqlen); | |
| 628 | extern PURE _X_HIDDEN int __glXTexParameterivReqSize(const GLbyte * pc, | |
| 629 | - Bool swap); | |
| 630 | -extern PURE _X_HIDDEN int __glXTexImage1DReqSize(const GLbyte * pc, Bool swap); | |
| 631 | -extern PURE _X_HIDDEN int __glXTexImage2DReqSize(const GLbyte * pc, Bool swap); | |
| 632 | -extern PURE _X_HIDDEN int __glXTexEnvfvReqSize(const GLbyte * pc, Bool swap); | |
| 633 | -extern PURE _X_HIDDEN int __glXTexEnvivReqSize(const GLbyte * pc, Bool swap); | |
| 634 | -extern PURE _X_HIDDEN int __glXTexGendvReqSize(const GLbyte * pc, Bool swap); | |
| 635 | -extern PURE _X_HIDDEN int __glXTexGenfvReqSize(const GLbyte * pc, Bool swap); | |
| 636 | -extern PURE _X_HIDDEN int __glXTexGenivReqSize(const GLbyte * pc, Bool swap); | |
| 637 | -extern PURE _X_HIDDEN int __glXMap1dReqSize(const GLbyte * pc, Bool swap); | |
| 638 | -extern PURE _X_HIDDEN int __glXMap1fReqSize(const GLbyte * pc, Bool swap); | |
| 639 | -extern PURE _X_HIDDEN int __glXMap2dReqSize(const GLbyte * pc, Bool swap); | |
| 640 | -extern PURE _X_HIDDEN int __glXMap2fReqSize(const GLbyte * pc, Bool swap); | |
| 641 | -extern PURE _X_HIDDEN int __glXPixelMapfvReqSize(const GLbyte * pc, Bool swap); | |
| 642 | -extern PURE _X_HIDDEN int __glXPixelMapuivReqSize(const GLbyte * pc, Bool swap); | |
| 643 | -extern PURE _X_HIDDEN int __glXPixelMapusvReqSize(const GLbyte * pc, Bool swap); | |
| 644 | -extern PURE _X_HIDDEN int __glXDrawPixelsReqSize(const GLbyte * pc, Bool swap); | |
| 645 | -extern PURE _X_HIDDEN int __glXDrawArraysReqSize(const GLbyte * pc, Bool swap); | |
| 646 | + Bool swap, int reqlen); | |
| 647 | +extern PURE _X_HIDDEN int __glXTexImage1DReqSize(const GLbyte * pc, Bool swap, | |
| 648 | + int reqlen); | |
| 649 | +extern PURE _X_HIDDEN int __glXTexImage2DReqSize(const GLbyte * pc, Bool swap, | |
| 650 | + int reqlen); | |
| 651 | +extern PURE _X_HIDDEN int __glXTexEnvfvReqSize(const GLbyte * pc, Bool swap, | |
| 652 | + int reqlen); | |
| 653 | +extern PURE _X_HIDDEN int __glXTexEnvivReqSize(const GLbyte * pc, Bool swap, | |
| 654 | + int reqlen); | |
| 655 | +extern PURE _X_HIDDEN int __glXTexGendvReqSize(const GLbyte * pc, Bool swap, | |
| 656 | + int reqlen); | |
| 657 | +extern PURE _X_HIDDEN int __glXTexGenfvReqSize(const GLbyte * pc, Bool swap, | |
| 658 | + int reqlen); | |
| 659 | +extern PURE _X_HIDDEN int __glXTexGenivReqSize(const GLbyte * pc, Bool swap, | |
| 660 | + int reqlen); | |
| 661 | +extern PURE _X_HIDDEN int __glXMap1dReqSize(const GLbyte * pc, Bool swap, | |
| 662 | + int reqlen); | |
| 663 | +extern PURE _X_HIDDEN int __glXMap1fReqSize(const GLbyte * pc, Bool swap, | |
| 664 | + int reqlen); | |
| 665 | +extern PURE _X_HIDDEN int __glXMap2dReqSize(const GLbyte * pc, Bool swap, | |
| 666 | + int reqlen); | |
| 667 | +extern PURE _X_HIDDEN int __glXMap2fReqSize(const GLbyte * pc, Bool swap, | |
| 668 | + int reqlen); | |
| 669 | +extern PURE _X_HIDDEN int __glXPixelMapfvReqSize(const GLbyte * pc, Bool swap, | |
| 670 | + int reqlen); | |
| 671 | +extern PURE _X_HIDDEN int __glXPixelMapuivReqSize(const GLbyte * pc, Bool swap, | |
| 672 | + int reqlen); | |
| 673 | +extern PURE _X_HIDDEN int __glXPixelMapusvReqSize(const GLbyte * pc, Bool swap, | |
| 674 | + int reqlen); | |
| 675 | +extern PURE _X_HIDDEN int __glXDrawPixelsReqSize(const GLbyte * pc, Bool swap, | |
| 676 | + int reqlen); | |
| 677 | +extern PURE _X_HIDDEN int __glXDrawArraysReqSize(const GLbyte * pc, Bool swap, | |
| 678 | + int reqlen); | |
| 679 | extern PURE _X_HIDDEN int __glXPrioritizeTexturesReqSize(const GLbyte * pc, | |
| 680 | - Bool swap); | |
| 681 | + Bool swap, int reqlen); | |
| 682 | extern PURE _X_HIDDEN int __glXTexSubImage1DReqSize(const GLbyte * pc, | |
| 683 | - Bool swap); | |
| 684 | + Bool swap, int reqlen); | |
| 685 | extern PURE _X_HIDDEN int __glXTexSubImage2DReqSize(const GLbyte * pc, | |
| 686 | - Bool swap); | |
| 687 | -extern PURE _X_HIDDEN int __glXColorTableReqSize(const GLbyte * pc, Bool swap); | |
| 688 | + Bool swap, int reqlen); | |
| 689 | +extern PURE _X_HIDDEN int __glXColorTableReqSize(const GLbyte * pc, Bool swap, | |
| 690 | + int reqlen); | |
| 691 | extern PURE _X_HIDDEN int __glXColorTableParameterfvReqSize(const GLbyte * pc, | |
| 692 | - Bool swap); | |
| 693 | + Bool swap, | |
| 694 | + int reqlen); | |
| 695 | extern PURE _X_HIDDEN int __glXColorTableParameterivReqSize(const GLbyte * pc, | |
| 696 | - Bool swap); | |
| 697 | + Bool swap, | |
| 698 | + int reqlen); | |
| 699 | extern PURE _X_HIDDEN int __glXColorSubTableReqSize(const GLbyte * pc, | |
| 700 | - Bool swap); | |
| 701 | + Bool swap, int reqlen); | |
| 702 | extern PURE _X_HIDDEN int __glXConvolutionFilter1DReqSize(const GLbyte * pc, | |
| 703 | - Bool swap); | |
| 704 | + Bool swap, | |
| 705 | + int reqlen); | |
| 706 | extern PURE _X_HIDDEN int __glXConvolutionFilter2DReqSize(const GLbyte * pc, | |
| 707 | - Bool swap); | |
| 708 | + Bool swap, | |
| 709 | + int reqlen); | |
| 710 | extern PURE _X_HIDDEN int __glXConvolutionParameterfvReqSize(const GLbyte * pc, | |
| 711 | - Bool swap); | |
| 712 | + Bool swap, | |
| 713 | + int reqlen); | |
| 714 | extern PURE _X_HIDDEN int __glXConvolutionParameterivReqSize(const GLbyte * pc, | |
| 715 | - Bool swap); | |
| 716 | + Bool swap, | |
| 717 | + int reqlen); | |
| 718 | extern PURE _X_HIDDEN int __glXSeparableFilter2DReqSize(const GLbyte * pc, | |
| 719 | - Bool swap); | |
| 720 | -extern PURE _X_HIDDEN int __glXTexImage3DReqSize(const GLbyte * pc, Bool swap); | |
| 721 | + Bool swap, int reqlen); | |
| 722 | +extern PURE _X_HIDDEN int __glXTexImage3DReqSize(const GLbyte * pc, Bool swap, | |
| 723 | + int reqlen); | |
| 724 | extern PURE _X_HIDDEN int __glXTexSubImage3DReqSize(const GLbyte * pc, | |
| 725 | - Bool swap); | |
| 726 | + Bool swap, int reqlen); | |
| 727 | extern PURE _X_HIDDEN int __glXCompressedTexImage1DReqSize(const GLbyte * pc, | |
| 728 | - Bool swap); | |
| 729 | + Bool swap, | |
| 730 | + int reqlen); | |
| 731 | extern PURE _X_HIDDEN int __glXCompressedTexImage2DReqSize(const GLbyte * pc, | |
| 732 | - Bool swap); | |
| 733 | + Bool swap, | |
| 734 | + int reqlen); | |
| 735 | extern PURE _X_HIDDEN int __glXCompressedTexImage3DReqSize(const GLbyte * pc, | |
| 736 | - Bool swap); | |
| 737 | + Bool swap, | |
| 738 | + int reqlen); | |
| 739 | extern PURE _X_HIDDEN int __glXCompressedTexSubImage1DReqSize(const GLbyte * pc, | |
| 740 | - Bool swap); | |
| 741 | + Bool swap, | |
| 742 | + int reqlen); | |
| 743 | extern PURE _X_HIDDEN int __glXCompressedTexSubImage2DReqSize(const GLbyte * pc, | |
| 744 | - Bool swap); | |
| 745 | + Bool swap, | |
| 746 | + int reqlen); | |
| 747 | extern PURE _X_HIDDEN int __glXCompressedTexSubImage3DReqSize(const GLbyte * pc, | |
| 748 | - Bool swap); | |
| 749 | + Bool swap, | |
| 750 | + int reqlen); | |
| 751 | extern PURE _X_HIDDEN int __glXPointParameterfvReqSize(const GLbyte * pc, | |
| 752 | - Bool swap); | |
| 753 | + Bool swap, int reqlen); | |
| 754 | extern PURE _X_HIDDEN int __glXPointParameterivReqSize(const GLbyte * pc, | |
| 755 | - Bool swap); | |
| 756 | -extern PURE _X_HIDDEN int __glXDrawBuffersReqSize(const GLbyte * pc, Bool swap); | |
| 757 | + Bool swap, int reqlen); | |
| 758 | +extern PURE _X_HIDDEN int __glXDrawBuffersReqSize(const GLbyte * pc, Bool swap, | |
| 759 | + int reqlen); | |
| 760 | extern PURE _X_HIDDEN int __glXProgramStringARBReqSize(const GLbyte * pc, | |
| 761 | - Bool swap); | |
| 762 | + Bool swap, int reqlen); | |
| 763 | extern PURE _X_HIDDEN int __glXDeleteFramebuffersReqSize(const GLbyte * pc, | |
| 764 | - Bool swap); | |
| 765 | + Bool swap, int reqlen); | |
| 766 | extern PURE _X_HIDDEN int __glXDeleteRenderbuffersReqSize(const GLbyte * pc, | |
| 767 | - Bool swap); | |
| 768 | + Bool swap, | |
| 769 | + int reqlen); | |
| 770 | extern PURE _X_HIDDEN int __glXVertexAttribs1dvNVReqSize(const GLbyte * pc, | |
| 771 | - Bool swap); | |
| 772 | + Bool swap, int reqlen); | |
| 773 | extern PURE _X_HIDDEN int __glXVertexAttribs1fvNVReqSize(const GLbyte * pc, | |
| 774 | - Bool swap); | |
| 775 | + Bool swap, int reqlen); | |
| 776 | extern PURE _X_HIDDEN int __glXVertexAttribs1svNVReqSize(const GLbyte * pc, | |
| 777 | - Bool swap); | |
| 778 | + Bool swap, int reqlen); | |
| 779 | extern PURE _X_HIDDEN int __glXVertexAttribs2dvNVReqSize(const GLbyte * pc, | |
| 780 | - Bool swap); | |
| 781 | + Bool swap, int reqlen); | |
| 782 | extern PURE _X_HIDDEN int __glXVertexAttribs2fvNVReqSize(const GLbyte * pc, | |
| 783 | - Bool swap); | |
| 784 | + Bool swap, int reqlen); | |
| 785 | extern PURE _X_HIDDEN int __glXVertexAttribs2svNVReqSize(const GLbyte * pc, | |
| 786 | - Bool swap); | |
| 787 | + Bool swap, int reqlen); | |
| 788 | extern PURE _X_HIDDEN int __glXVertexAttribs3dvNVReqSize(const GLbyte * pc, | |
| 789 | - Bool swap); | |
| 790 | + Bool swap, int reqlen); | |
| 791 | extern PURE _X_HIDDEN int __glXVertexAttribs3fvNVReqSize(const GLbyte * pc, | |
| 792 | - Bool swap); | |
| 793 | + Bool swap, int reqlen); | |
| 794 | extern PURE _X_HIDDEN int __glXVertexAttribs3svNVReqSize(const GLbyte * pc, | |
| 795 | - Bool swap); | |
| 796 | + Bool swap, int reqlen); | |
| 797 | extern PURE _X_HIDDEN int __glXVertexAttribs4dvNVReqSize(const GLbyte * pc, | |
| 798 | - Bool swap); | |
| 799 | + Bool swap, int reqlen); | |
| 800 | extern PURE _X_HIDDEN int __glXVertexAttribs4fvNVReqSize(const GLbyte * pc, | |
| 801 | - Bool swap); | |
| 802 | + Bool swap, int reqlen); | |
| 803 | extern PURE _X_HIDDEN int __glXVertexAttribs4svNVReqSize(const GLbyte * pc, | |
| 804 | - Bool swap); | |
| 805 | + Bool swap, int reqlen); | |
| 806 | extern PURE _X_HIDDEN int __glXVertexAttribs4ubvNVReqSize(const GLbyte * pc, | |
| 807 | - Bool swap); | |
| 808 | + Bool swap, | |
| 809 | + int reqlen); | |
| 810 | ||
| 811 | #undef PURE | |
| 812 | ||
| 4db25562 JB |
813 | --- a/glx/rensize.c |
| 814 | +++ b/glx/rensize.c | |
| 7217e0ca ML |
815 | @@ -44,7 +44,7 @@ |
| 816 | ((a & 0xff00U)<<8) | ((a & 0xffU)<<24)) | |
| 817 | ||
| 818 | int | |
| 819 | -__glXMap1dReqSize(const GLbyte * pc, Bool swap) | |
| 820 | +__glXMap1dReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 821 | { | |
| 822 | GLenum target; | |
| 823 | GLint order; | |
| 4db25562 | 824 | @@ -61,7 +61,7 @@ __glXMap1dReqSize(const GLbyte * pc, Boo |
| 7217e0ca ML |
825 | } |
| 826 | ||
| 827 | int | |
| 828 | -__glXMap1fReqSize(const GLbyte * pc, Bool swap) | |
| 829 | +__glXMap1fReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 830 | { | |
| 831 | GLenum target; | |
| 832 | GLint order; | |
| 4db25562 | 833 | @@ -86,7 +86,7 @@ Map2Size(int k, int majorOrder, int mino |
| 7217e0ca ML |
834 | } |
| 835 | ||
| 836 | int | |
| 837 | -__glXMap2dReqSize(const GLbyte * pc, Bool swap) | |
| 838 | +__glXMap2dReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 839 | { | |
| 840 | GLenum target; | |
| 841 | GLint uorder, vorder; | |
| 4db25562 | 842 | @@ -103,7 +103,7 @@ __glXMap2dReqSize(const GLbyte * pc, Boo |
| 7217e0ca ML |
843 | } |
| 844 | ||
| 845 | int | |
| 846 | -__glXMap2fReqSize(const GLbyte * pc, Bool swap) | |
| 847 | +__glXMap2fReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 848 | { | |
| 849 | GLenum target; | |
| 850 | GLint uorder, vorder; | |
| 4db25562 | 851 | @@ -359,13 +359,14 @@ __glXTypeSize(GLenum enm) |
| 7217e0ca ML |
852 | } |
| 853 | ||
| 854 | int | |
| 855 | -__glXDrawArraysReqSize(const GLbyte * pc, Bool swap) | |
| 856 | +__glXDrawArraysReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 857 | { | |
| 858 | __GLXdispatchDrawArraysHeader *hdr = (__GLXdispatchDrawArraysHeader *) pc; | |
| 859 | __GLXdispatchDrawArraysComponentHeader *compHeader; | |
| 860 | GLint numVertexes = hdr->numVertexes; | |
| 861 | GLint numComponents = hdr->numComponents; | |
| 862 | GLint arrayElementSize = 0; | |
| 863 | + GLint x, size; | |
| 864 | int i; | |
| 865 | ||
| 866 | if (swap) { | |
| 4db25562 | 867 | @@ -374,6 +375,13 @@ __glXDrawArraysReqSize(const GLbyte * pc |
| 7217e0ca ML |
868 | } |
| 869 | ||
| 870 | pc += sizeof(__GLXdispatchDrawArraysHeader); | |
| 871 | + reqlen -= sizeof(__GLXdispatchDrawArraysHeader); | |
| 872 | + | |
| 873 | + size = safe_mul(sizeof(__GLXdispatchDrawArraysComponentHeader), | |
| 874 | + numComponents); | |
| 875 | + if (size < 0 || reqlen < 0 || reqlen < size) | |
| 876 | + return -1; | |
| 877 | + | |
| 878 | compHeader = (__GLXdispatchDrawArraysComponentHeader *) pc; | |
| 879 | ||
| 880 | for (i = 0; i < numComponents; i++) { | |
| 4db25562 | 881 | @@ -417,17 +425,18 @@ __glXDrawArraysReqSize(const GLbyte * pc |
| 7217e0ca ML |
882 | return -1; |
| 883 | } | |
| 884 | ||
| 885 | - arrayElementSize += __GLX_PAD(numVals * __glXTypeSize(datatype)); | |
| 886 | + x = safe_pad(safe_mul(numVals, __glXTypeSize(datatype))); | |
| 887 | + if ((arrayElementSize = safe_add(arrayElementSize, x)) < 0) | |
| 888 | + return -1; | |
| 889 | ||
| 890 | pc += sizeof(__GLXdispatchDrawArraysComponentHeader); | |
| 891 | } | |
| 892 | ||
| 893 | - return ((numComponents * sizeof(__GLXdispatchDrawArraysComponentHeader)) + | |
| 894 | - (numVertexes * arrayElementSize)); | |
| 895 | + return safe_add(size, safe_mul(numVertexes, arrayElementSize)); | |
| 896 | } | |
| 897 | ||
| 898 | int | |
| 899 | -__glXSeparableFilter2DReqSize(const GLbyte * pc, Bool swap) | |
| 900 | +__glXSeparableFilter2DReqSize(const GLbyte * pc, Bool swap, int reqlen) | |
| 901 | { | |
| 902 | __GLXdispatchConvolutionFilterHeader *hdr = | |
| 903 | (__GLXdispatchConvolutionFilterHeader *) pc; |