From 2fcaf7a529f1e8bbdfbea6c8d9d6703adf5f17ba Mon Sep 17 00:00:00 2001 From: Keith Whitwell Date: Tue, 10 May 2005 18:24:50 +0000 Subject: Ensure programs don't overflow allocated instruction store. --- src/mesa/tnl/t_vp_build.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/mesa/tnl/t_vp_build.c b/src/mesa/tnl/t_vp_build.c index c8caecc79b..678083293b 100644 --- a/src/mesa/tnl/t_vp_build.c +++ b/src/mesa/tnl/t_vp_build.c @@ -49,6 +49,8 @@ */ #define DISASSEM 0 +#define MAX_INSN 200 + /* Use uregs to represent registers internally, translate to Mesa's * expected formats on emit. * @@ -316,6 +318,11 @@ static void emit_op3fn(struct tnl_program *p, GLuint nr = p->program->Base.NumInstructions++; struct vp_instruction *inst = &p->program->Instructions[nr]; + if (p->program->Base.NumInstructions > MAX_INSN) { + _mesa_problem(p->ctx, "Out of instructions in emit_op3fn\n"); + return; + } + inst->Opcode = op; inst->StringPos = 0; inst->Data = 0; @@ -1133,7 +1140,7 @@ void _tnl_UpdateFixedFunctionProgram( GLcontext *ctx ) p.temp_flag = 0; p.temp_reserved = ~((1<Instructions = MALLOC(sizeof(struct vp_instruction) * 100); + p.program->Instructions = MALLOC(sizeof(struct vp_instruction) * MAX_INSN); /* Initialize the arb_program struct */ p.program->Base.String = 0; -- cgit v1.2.3