Prevent invalid access to tbm plane's attribute arrays#153
Merged
JSUYA merged 1 commit intoflutter-tizen:masterfrom Feb 11, 2026
Merged
Prevent invalid access to tbm plane's attribute arrays#153JSUYA merged 1 commit intoflutter-tizen:masterfrom
JSUYA merged 1 commit intoflutter-tizen:masterfrom
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request aims to prevent a potential out-of-bounds memory access by introducing kTbmPlaneCountMax and capping the number of planes returned by tbm_surface_internal_get_num_planes. It correctly addresses a buffer overflow vulnerability that could lead to out-of-bounds access on arrays like plane_fd_ext, plane_offset_ext, plane_pitch_ext, and attribs. However, the current implementation of the plane count cap uses a signed/unsigned comparison that does not correctly handle potential negative error codes, which could still result in unintended behavior or crashes. Additionally, it would be beneficial to add a warning log when the number of planes is truncated to improve debuggability.
If tbm_surface_internal_get_num_planes() returns a value outside the array bounds, invalid access may occur. To prevent this, specify a maximum value.
JSUYA
force-pushed
the
prevent_invalid_tbm_planes
branch
from
06aacec to
a257792
Compare
xiaowei-guan
approved these changes
Feb 11, 2026
JSUYA
added a commit
to JSUYA/flutter-tizen
that referenced
this pull request
Feb 13, 2026
Engine(fcd10a63f40a4e3656b21d2ee6003a090a6b47b7) - flutter-tizen/flutter#26 Embedder(dd2f6ba563596fa04d08c0b39c4a63a951c5a8f4) - flutter-tizen/embedder#142 - flutter-tizen/embedder#145 - flutter-tizen/embedder#144 - flutter-tizen/embedder#140 - flutter-tizen/embedder#151 - flutter-tizen/embedder#153 - flutter-tizen/embedder#152 - flutter-tizen/embedder#154 - flutter-tizen/embedder#156
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If tbm_surface_internal_get_num_planes() returns a value outside the array bounds, invalid access may occur. To prevent this, specify a maximum value.