gpulib: don't corrupt memory on garbage commands

diff --git a/plugins/gpulib/gpu.c b/plugins/gpulib/gpu.c
index b23f8a8..9cf5841 100644 (file)
--- a/plugins/gpulib/gpu.c
+++ b/plugins/gpulib/gpu.c
@@ -614,6 +614,10 @@ long GPUdmaChain(uint32_t *rambase, uint32_t start_addr, uint32_t *progress_addr
     log_io(".chain %08lx #%d+%d\n",
       (long)(list - rambase) * 4, len, gpu.cmd_len);
     if (unlikely(gpu.cmd_len > 0)) {
+      if (gpu.cmd_len + len > ARRAY_SIZE(gpu.cmd_buffer)) {
+        log_anomaly("cmd_buffer overflow, likely garbage commands\n");
+        gpu.cmd_len = 0;
+      }
       memcpy(gpu.cmd_buffer + gpu.cmd_len, list + 1, len * 4);
       gpu.cmd_len += len;
       flush_cmd_buffer();