Thanks Jun, my question is less about the specific line of an array index being used without checking and more about which boundaries are being crossed with the function call:
Is vrend_set_single_ssbo() being called in the same address space as the main() function in your reproducer? Or is it happening in another process? Or virtual machine? Or host?

If the array indexing happens in the same process, then the main() routine could just as well write to different places in memory in its own process without restriction, regardless of this fix. This fix would be a security fix if the array indexing is happening on the other side of a protection boundary, and I don't understand virgl anywhere near well enough to know that answer.

Thanks

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950941

Title:
  Integer underflow in the vrend_decode_set_shader_buffers() on virglrenderer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/virglrenderer/+bug/1950941/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs