From 44b960a6453ec78d3cbb6624e6daaf8345d99dc4 Mon Sep 17 00:00:00 2001
From: Patrick Lerda
Date: Thu, 25 May 2023 16:20:09 +0200
Subject: [PATCH] mesa/st: fix buffer overflow related to set_program_string()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For instance, this is triggered with "piglit/bin/ext_direct_state_access-named-program -auto -fbo":
==5695==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000050031 at pc 0x7f78dfca8d46 bp 0x7ffd9043b4a0 sp 0x7ffd9043ac50
READ of size 50 at 0x606000050031 thread T0
#0 0x7f78dfca8d45 (/usr/lib64/libasan.so.6+0x3fd45)
#1 0x7f78d450b18f in set_program_string ../src/mesa/main/arbprogram.c:385
#2 0x7f78d3fdbd3e in execute_list ../src/mesa/main/dlist.c:13025
#3 0x7f78d40c2564 in _mesa_CallList ../src/mesa/main/dlist.c:13451
#4 0x7f78d42f380a in _mesa_unmarshal_CallList ../src/mesa/main/glthread_list.c:43
#5 0x7f78d38e85c5 in glthread_unmarshal_batch ../src/mesa/main/glthread.c:122
#6 0x7f78d38ea20d in _mesa_glthread_finish ../src/mesa/main/glthread.c:382
#7 0x7f78d38ea20d in _mesa_glthread_finish ../src/mesa/main/glthread.c:347
#8 0x7f78d3d73f69 in _mesa_marshal_IsProgramARB src/mapi/glapi/gen/marshal_generated2.c:4256
Fixes: 0b196b40a3ae ("mesa: don't compute the same SHA1 twice in glShaderSource")
Signed-off-by: Patrick Lerda
Reviewed-by: Marek Olšák
Part-of:
---
 src/mesa/main/arbprogram.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mesa/main/arbprogram.c b/src/mesa/main/arbprogram.c
index fbfd4a0385f..3911e55217c 100644
--- a/src/mesa/main/arbprogram.c
+++ b/src/mesa/main/arbprogram.c
@@ -382,7 +382,7 @@ set_program_string(struct gl_program *prog, GLenum target, GLenum format, GLsize
 gl_shader_stage stage = _mesa_program_enum_to_shader_stage(target);
 uint8_t sha1[SHA1_DIGEST_LENGTH];
- _mesa_sha1_compute(string, strlen(string), sha1);
+ _mesa_sha1_compute(string, len, sha1);
 /* Dump original shader source to MESA_SHADER_DUMP_PATH and replace
 * if corresponding entry found from MESA_SHADER_READ_PATH.
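Review bot: Hashing `len` bytes in `_mesa_sha1_compute(string, len, sha1)` only closes the over-read if every caller passes a `len` that is non-negative and no larger than the buffer behind `string`; the parameter list is cut off in the hunk header, so if `len` is a signed GL size, a negative value would convert to a very large length here, and it is worth confirming that the API entry points and the display-list replay path shown in the trace reject it before calling in. The ASan report suggests `string` is not reliably NUL-terminated, and the comment right after the changed line introduces a dump/replace step whose code lies outside the hunk; if that step or the later parsing still treats `string` as a C string, the same read past the end of the allocation would remain there. I would add a comment above the call such as `/* string holds len bytes and may lack a trailing NUL; never call strlen() on it */` so the contract is visible to the next editor. set_program_string's body starts and ends outside the hunk.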