[vlc-commits] [Git][videolan/vlc][master] vout: opengl: tighten out of bounds check for base_fetch_locations

[Felix Paul Kühne (@fkuehne)]

Felix Paul Kühne pushed to branch master at VideoLAN / VLC


Commits:
af65a93f by Khalid Masum at 2026-04-17T19:17:09+02:00
vout: opengl: tighten out of bounds check for base_fetch_locations

While tex_count should be less than 10 so that Textures[X] glsl
variable definition string does not take an extra byte (and overflow),
from deeper inspection we can see that: tex_count > 5 causes invalid
access of uloc.Textures due to its size being PICTURE_PLANE_MAX (5).

Therefore, tighten the bound check to PICTURE_PLANE_MAX instead of
10.

Fixes: #29379 (Coverity 1666210)

- - - - -


1 changed file:

- modules/video_output/opengl/sampler.c


Changes:

=====================================
modules/video_output/opengl/sampler.c
=====================================
@@ -274,10 +274,13 @@ sampler_base_fetch_locations(struct vlc_gl_sampler *sampler, GLuint program)
     }
 
     const struct vlc_gl_format *glfmt = &sampler->glfmt;
-    /* To guarantee variable names length, we need to fix the number
-     * of texture from now on. */
     const unsigned tex_count = glfmt->tex_count;
-    if (tex_count >= 10)
+    /* To guarantee variable names length, we need to fix the number
+     * of texture from now on.
+     * tex_count > PICTURE_PLANE_MAX (5) would overflow uloc.Textures
+     * tex_count > 9 would overflow the char name[] string during
+     * snprintf operations. */
+    if (tex_count >= PICTURE_PLANE_MAX)
         vlc_assert_unreachable();
 
     for (unsigned i = 0; i < tex_count; ++i)



View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/af65a93fb917334cd66490ea78493912f2e516aa

-- 
View it on GitLab: https://code.videolan.org/videolan/vlc/-/commit/af65a93fb917334cd66490ea78493912f2e516aa
You're receiving this email because of your account on code.videolan.org.