Description: crOpenGL: strict offset check
Origin: upstream, http://www.virtualbox.org/changeset/37432
Bug-Ubuntu: https://bugs.launchpad.net/bugs/816874
5
Index: trunk/src/VBox/HostServices/SharedOpenGL/crserver/crservice.cpp
6
===================================================================
7
--- trunk/src/VBox/HostServices/SharedOpenGL/crserver/crservice.cpp (revision 36846)
8
+++ trunk/src/VBox/HostServices/SharedOpenGL/crserver/crservice.cpp (revision 37432)
10
if (pBuffer->uiId == iBuffer)
12
+ if (pBuffer->uiSize!=cbBufferSize)
14
+ LogRel(("SHARED_CROPENGL svcGetBuffer: invalid buffer(%i) size %i instead of %i\n",
15
+ iBuffer, pBuffer->uiSize, cbBufferSize));
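Review bot: The new LogRel call formats `iBuffer`, `pBuffer->uiSize` and `cbBufferSize` with `%i`, so if these are unsigned 32-bit values, as the `ui` prefix suggests, anything above INT_MAX is logged as a negative number. `%u` keeps the rejected sizes readable during triage: `"SHARED_CROPENGL svcGetBuffer: invalid buffer(%u) size %u instead of %u\n"`. The id and size that reach this branch appear to come from the caller of the service, so this release-log line can be emitted once per mismatching request. It is worth confirming that the logger's own limits bound that, or capping how often the message is written. The lines after the LogRel call are not shown on this page, so how the mismatch is returned to the caller cannot be checked from here.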
21
/* Execute the function. */
22
CRVBOXSVCBUFFER_t *pSvcBuffer = svcGetBuffer(iBuffer, cbBufferSize);
23
- if (!pSvcBuffer || ui32Offset+cbBuffer>cbBufferSize)
24
+ if (!pSvcBuffer || ((uint64_t)ui32Offset+cbBuffer)>cbBufferSize)
26
rc = VERR_INVALID_PARAMETER;
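Review bot: The widened comparison on the `+` line is only wrap-free while `cbBuffer` is no wider than 32 bits, and nothing on the line records why the cast is there. A short comment such as `/* 64-bit sum: ui32Offset + cbBuffer can wrap in 32 bits and pass the bound */` would stop it being simplified away later. A form that does not depend on operand width is `ui32Offset > cbBufferSize || cbBuffer > cbBufferSize - ui32Offset`. The declarations of `cbBuffer` and `cbBufferSize`, and the copy that consumes the offset, are outside the hunk, so the types are assumed here. Any sibling handler that repeats the same offset-plus-length test would need the same change.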