[vlc-commits] [Git][videolan/vlc][master] vout: opengl: tighten out of bounds check for base_fetch_locations
Felix Paul Kühne (@fkuehne)
gitlab at videolan.org
Fri Apr 17 18:38:45 UTC 2026
Felix Paul Kühne pushed to branch master at VideoLAN / VLC
Commits:
af65a93f by Khalid Masum at 2026-04-17T19:17:09+02:00
vout: opengl: tighten out of bounds check for base_fetch_locations
While tex_count should be less than 10 so that Textures[X] glsl
variable definition string does not take an extra byte (and overflow),
from deeper inspection we can see that: tex_count > 5 causes invalid
access of uloc.Textures due to its size being PICTURE_PLANE_MAX (5).
Therefore, tighten the bound check to PICTURE_PLANE_MAX instead of
10.
Fixes: #29379 (Coverity 1666210)
- - - - -
1 changed file:
- modules/video_output/opengl/sampler.c
Changes:
=====================================
modules/video_output/opengl/sampler.c
=====================================
@@ -274,10 +274,13 @@ sampler_base_fetch_locations(struct vlc_gl_sampler *sampler, GLuint program)
}
const struct vlc_gl_format *glfmt = &sampler->glfmt;
- /* To guarantee variable names length, we need to fix the number
- * of texture from now on. */
const unsigned tex_count = glfmt->tex_count;
- if (tex_count >= 10)
+ /* To guarantee variable names length, we need to fix the number
+ * of texture from now on.
+ * tex_count > PICTURE_PLANE_MAX (5) would overflow uloc.Textures
+ * tex_count > 9 would overflow the char name[] string during
+ * snprintf operations. */
+ if (tex_count >= PICTURE_PLANE_MAX)
vlc_assert_unreachable();
for (unsigned i = 0; i < tex_count; ++i)
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/af65a93fb917334cd66490ea78493912f2e516aa
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/af65a93fb917334cd66490ea78493912f2e516aa
You're receiving this email because of your account on code.videolan.org.
More information about the vlc-commits
mailing list