Re: [Mesa-dev] [PATCH] egl: move Null check to eglGetSyncAttribKHR to prevent Segfault

[Marek Olšák]

Reviewed-by: Marek Olšák 

Marek

On Wed, Feb 3, 2016 at 12:06 AM, Dongwon Kim  wrote:
> Null-check on "*value" is currently done in
> _eglGetSyncAttrib, which is after eglGetSyncAttribKHR
> attempts to copy data at 'value' to 'attrib'. Segfault
> is enevitable if value==NULL in this case. Therefore,
> null-check should be moved to beginning of
> eglGetSyncAttribKHR to avoid any possible segfaults.
>
> Signed-off-by: Dongwon Kim 
> ---
>  src/egl/main/eglapi.c  | 10 --
>  src/egl/main/eglsync.c |  3 ---
>  2 files changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
> index 323634e..32f6823 100644
> --- a/src/egl/main/eglapi.c
> +++ b/src/egl/main/eglapi.c
> @@ -1555,8 +1555,14 @@ eglGetSyncAttrib(EGLDisplay dpy, EGLSync sync, EGLint 
> attribute, EGLAttrib *valu
>  static EGLBoolean EGLAPIENTRY
>  eglGetSyncAttribKHR(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLint 
> *value)
>  {
> -   EGLAttrib attrib = *value;
> -   EGLBoolean result = eglGetSyncAttrib(dpy, sync, attribute, );
> +   EGLAttrib attrib;
> +   EGLBoolean result;
> +
> +   if (!value)
> +  RETURN_EGL_ERROR(NULL, EGL_BAD_PARAMETER, EGL_FALSE);
> +
> +   attrib = *value;
> +   result = eglGetSyncAttrib(dpy, sync, attribute, );
>
> /* The EGL_KHR_fence_sync spec says this about eglGetSyncAttribKHR:
>  *
> diff --git a/src/egl/main/eglsync.c b/src/egl/main/eglsync.c
> index 3019e6e..999cb48 100644
> --- a/src/egl/main/eglsync.c
> +++ b/src/egl/main/eglsync.c
> @@ -144,9 +144,6 @@ EGLBoolean
>  _eglGetSyncAttrib(_EGLDriver *drv, _EGLDisplay *dpy, _EGLSync *sync,
>EGLint attribute, EGLAttrib *value)
>  {
> -   if (!value)
> -  return _eglError(EGL_BAD_PARAMETER, "eglGetSyncAttribKHR");
> -
> switch (attribute) {
> case EGL_SYNC_TYPE_KHR:
>*value = sync->Type;
> --
> 1.9.1
>
> ___
> mesa-dev mailing list
> mesa-dev@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/mesa-dev
___
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev

[Mesa-dev] [PATCH] egl: move Null check to eglGetSyncAttribKHR to prevent Segfault

[Dongwon Kim]

Null-check on "*value" is currently done in
_eglGetSyncAttrib, which is after eglGetSyncAttribKHR
attempts to copy data at 'value' to 'attrib'. Segfault
is enevitable if value==NULL in this case. Therefore,
null-check should be moved to beginning of
eglGetSyncAttribKHR to avoid any possible segfaults.

Signed-off-by: Dongwon Kim 
---
 src/egl/main/eglapi.c  | 10 --
 src/egl/main/eglsync.c |  3 ---
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/egl/main/eglapi.c b/src/egl/main/eglapi.c
index 323634e..32f6823 100644
--- a/src/egl/main/eglapi.c
+++ b/src/egl/main/eglapi.c
@@ -1555,8 +1555,14 @@ eglGetSyncAttrib(EGLDisplay dpy, EGLSync sync, EGLint 
attribute, EGLAttrib *valu
 static EGLBoolean EGLAPIENTRY
 eglGetSyncAttribKHR(EGLDisplay dpy, EGLSync sync, EGLint attribute, EGLint 
*value)
 {
-   EGLAttrib attrib = *value;
-   EGLBoolean result = eglGetSyncAttrib(dpy, sync, attribute, );
+   EGLAttrib attrib;
+   EGLBoolean result;
+
+   if (!value)
+  RETURN_EGL_ERROR(NULL, EGL_BAD_PARAMETER, EGL_FALSE);
+
+   attrib = *value;
+   result = eglGetSyncAttrib(dpy, sync, attribute, );
 
/* The EGL_KHR_fence_sync spec says this about eglGetSyncAttribKHR:
 *
diff --git a/src/egl/main/eglsync.c b/src/egl/main/eglsync.c
index 3019e6e..999cb48 100644
--- a/src/egl/main/eglsync.c
+++ b/src/egl/main/eglsync.c
@@ -144,9 +144,6 @@ EGLBoolean
 _eglGetSyncAttrib(_EGLDriver *drv, _EGLDisplay *dpy, _EGLSync *sync,
   EGLint attribute, EGLAttrib *value)
 {
-   if (!value)
-  return _eglError(EGL_BAD_PARAMETER, "eglGetSyncAttribKHR");
-
switch (attribute) {
case EGL_SYNC_TYPE_KHR:
   *value = sync->Type;
-- 
1.9.1

___
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev