@@ -256,6 +256,9 @@ impl ProtocolHandler for X11ProtocolHandler {
256256 }
257257 } else if Some ( buf[ 0 ] ) == this. protocol_handler . dri3_ext_opcode {
258258 if buf[ 1 ] == DRI3_OPCODE_VERSION {
259+ if buf. len ( ) < 8 {
260+ return Ok ( StreamSendResult :: WantMore ) ;
261+ }
259262 buf[ 8 ] = buf[ 8 ] . min ( 3 ) ;
260263 } else if buf[ 1 ] == DRI3_OPCODE_OPEN {
261264 buf[ 0 ] = X11_OPCODE_NOP ;
@@ -280,6 +283,9 @@ impl ProtocolHandler for X11ProtocolHandler {
280283 resources. push ( res) ;
281284 finalizers. push ( X11ResourceFinalizer :: Gem ( finalizer) ) ;
282285 } else if buf[ 1 ] == DRI3_OPCODE_FENCE_FROM_FD {
286+ if buf. len ( ) < 12 {
287+ return Ok ( StreamSendResult :: WantMore ) ;
288+ }
283289 let xid = u32:: from_ne_bytes ( buf[ 8 ..12 ] . try_into ( ) . unwrap ( ) ) ;
284290 let fd = this. request_fds . remove ( 0 ) ;
285291 let filename = readlink ( format ! ( "/proc/self/fd/{}" , fd. as_raw_fd( ) ) . as_str ( ) ) ?;
@@ -288,6 +294,9 @@ impl ProtocolHandler for X11ProtocolHandler {
288294 let res = Self :: create_cross_vm_futex ( this, fd, xid, creds. pid ( ) , filename) ?;
289295 resources. push ( res) ;
290296 } else if buf[ 1 ] == DRI3_OPCODE_PIXMAP_FROM_BUFFERS {
297+ if buf. len ( ) < 12 {
298+ return Ok ( StreamSendResult :: WantMore ) ;
299+ }
291300 let num_bufs = buf[ 12 ] as usize ;
292301 for fd in this. request_fds . drain ( ..num_bufs) . collect :: < Vec < _ > > ( ) {
293302 let ( res, finalizer) = this. vgpu_id_from_prime ( fd) ?;
@@ -297,6 +306,9 @@ impl ProtocolHandler for X11ProtocolHandler {
297306 }
298307 } else if Some ( buf[ 0 ] ) == this. protocol_handler . sync_ext_opcode {
299308 if buf[ 1 ] == SYNC_OPCODE_DESTROY_FENCE {
309+ if buf. len ( ) < 8 {
310+ return Ok ( StreamSendResult :: WantMore ) ;
311+ }
300312 let xid = u32:: from_ne_bytes ( buf[ 4 ..8 ] . try_into ( ) . unwrap ( ) ) ;
301313 finalizers. push ( X11ResourceFinalizer :: Futex ( xid) ) ;
302314 }
0 commit comments