Hi
On Tue, Dec 13, 2016 at 5:27 PM P J P <ppan...@redhat.com> wrote:
> +-- On Tue, 13 Dec 2016, Gerd Hoffmann wrote --+
> | I guess we want throw an error (VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER)
> | in the error case then instead of leaving resp->hdr.type unset.
>
> I see, okay. Does the patch below look okay?
>
> ===
> diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
> index 758d33a..6ceeba3 100644
> --- a/hw/display/virtio-gpu-3d.c
> +++ b/hw/display/virtio-gpu-3d.c
> @@ -370,8 +370,12 @@ static void virgl_cmd_get_capset(VirtIOGPU *g,
>
> virgl_renderer_get_cap_set(gc.capset_id, &max_ver,
> &max_size);
> - resp = g_malloc(sizeof(*resp) + max_size);
> + if (!max_size) {
> + cmd->error = VIRTIO_GPU_RESP_ERR_INVALID_PARAMETER;
> + return;
> + }
>
> + resp = g_malloc(sizeof(*resp) + max_size);
> resp->hdr.type = VIRTIO_GPU_RESP_OK_CAPSET;
> virgl_renderer_fill_caps(gc.capset_id,
> gc.capset_version,
> ===
>
>
That looks good to me, waiting for the proper patch.
> Thank you.
> --
> Prasad J Pandit / Red Hat Product Security Team
> 47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
>
> --
Marc-André Lureau
