On Sat, Mar 5, 2016 at 9:53 AM, Michel Dänzer <[email protected]> wrote:
> On 04.03.2016 04:46, Marek Olšák wrote:
>>
>> +/**
>> + * Device information returned by Mesa.
>> + */
>> +typedef struct _mesa_glinterop_device_info {
>> + uint32_t size; /* size of this structure */
>
> Callees determine how much data they can write by looking at these size
> members of the *out parameters. That's pretty error-prone: If the
> callers just pass in a pointer they received from malloc, forgetting to
> initialize the size member, it'll have a random value, which is quite
> likely larger than the actual size and what the callee expects as a
> minimum, in which case the callee will write past the end of the
> allocated memory => memory corruption, if not a security issue.
>
> If you still don't want to go for a version based scheme instead, I'd
> suggest passing in the size as an explicit function parameter. (Or at
> the very least, it needs to be documented very prominently that callers
> must initialize out->size before calling in; but we know no matter how
> well that is documented, it'll probably be ignored anyway sooner or
> later...)
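
Review bot: The comment on `size` in `_mesa_glinterop_device_info` says only "size of this structure" and does not state who fills it in or what the callee does when the value is smaller or larger than the layout it knows. If the member stays, document next to it that the caller must set it before the call, and have the callee reject values below the minimum it supports and never write more than the smaller of `size` and its own struct size. A version field with one fixed layout per version removes the dependence on a caller-supplied byte count.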

Version based it is then.
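
The alternative raised in the quoted review, passing the size as an explicit function parameter, sketched as an added example (not code from the patch or from Mesa). The struct layouts, field values and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts (not Mesa's): an older caller knows only info_v1. */
struct info_v1 { uint32_t pci_bus, pci_device; };
struct info_v2 { uint32_t pci_bus, pci_device, vendor_id, device_id; };

/* Callee. The writable size arrives as an argument, so it cannot be an
 * uninitialized struct member. Returns bytes written, 0 if out is unusable. */
size_t query_device_info(void *out, size_t out_size)
{
    const struct info_v2 cur = { 1, 0, 0x1002, 0x67df }; /* constructed values */
    size_t n;

    if (out == NULL || out_size < sizeof(struct info_v1))
        return 0;                       /* too small for the oldest layout */
    /* Write only a whole layout that fits what the caller declared. */
    n = out_size >= sizeof cur ? sizeof cur : sizeof(struct info_v1);
    memcpy(out, &cur, n);
    return n;
}

/* Old caller built against info_v1; a canary sits right behind its buffer.
 * Returns 1 when the callee stayed inside the v1 layout. */
int old_caller_canary_intact(void)
{
    struct { struct info_v1 info; uint32_t canary; } frame;

    frame.canary = 0xC0FFEEu;
    return query_device_info(&frame.info, sizeof frame.info) == sizeof frame.info
        && frame.canary == 0xC0FFEEu;
}

/* New caller built against info_v2 receives the extended fields. */
uint32_t new_caller_vendor_id(void)
{
    struct info_v2 info = { 0 };

    return query_device_info(&info, sizeof info) == sizeof info ? info.vendor_id : 0;
}

int main(void)
{
    printf("old caller canary intact: %d\n", old_caller_canary_intact());
    printf("new caller vendor id: 0x%x\n", (unsigned)new_caller_vendor_id());
    return 0;
}
```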
