mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 00:17:46 +00:00
Kernel: Fix buffer overflow in VirtIOGPU create_3d_resource(..)
This code attempts to copy the `Protocol::Resource3DSpecification` struct into request, starting at `Protocol::ResourceCreate3D::target` member of the `Protocol::ResourceCreate3D` struct. The problem is that the `Protocol::Resource3DSpecification` struct does not having the trailing `u32 padding` that the `ResourceCreate3D` struct has. Leading to memcopy overrunning the struct and corrupting 32 bits of data trailing the struct. Found by SonarCloud: - Memory copy function overflows the destination buffer.
This commit is contained in:
parent
af50895fa3
commit
c0ed656c94
3 changed files with 7 additions and 2 deletions
|
@ -328,6 +328,7 @@ struct Resource3DSpecification {
|
|||
u32 last_level;
|
||||
u32 nr_samples;
|
||||
u32 flags;
|
||||
u32 padding;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue