search

oizma / angleproject

Automatically exported from code.google.com/p/angleproject
Other
0 stars 0 forks source link

Make the interface for ShGetInfoLog and ShGetObjectCode more secure #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
const char* ShGetInfoLog(const ShHandle);
const char* ShGetObjectCode(const ShHandle);

These functions return null-terminated strings which can be exploited by a 
compromised process. Change the interface to be more like OpenGL shader 
functions:

enum ShCompilerInfo {
  SH_COMPILE_STATUS,
  SH_INFO_LOG_LENGTH,
  SH_DEBUG_LOG_LENGTH,
  SH_OBJECT_CODE_LENGTH,
}
int ShGetCompilerInfo(ShHandle compiler, ShCompilerInfo param);
void ShGetCompilerInfoLog(ShHandle compiler, int maxLength, int* length, char* 
infoLog);
void ShGetCompilerDebugLog(ShHandle compiler, int maxLength, int* length, char* 
debugLog);
void ShGetCompilerObjectCode(ShHandle compiler, int maxLength, int* length, 
char* objectCode);

Original issue reported on code.google.com by alokp@chromium.org on 16 Jun 2010 at 7:09

GoogleCodeExporter commented 9 years ago 
Fixed in r425.

Original comment by alokp@chromium.org on 20 Sep 2010 at 6:40

GoogleCodeExporter commented 9 years ago

Original comment by alokp@chromium.org on 20 Sep 2010 at 6:41