gnu: virglrenderer: Fix CVE-2017-6386.
* gnu/packages/patches/virglrenderer-CVE-2017-6386.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/spice.scm (virglrenderer)[source]: Use it.
This commit is contained in:
parent
ad172c4a76
commit
1e5b8beeff
@ -965,6 +965,7 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/upower-builddir.patch \
|
||||
%D%/packages/patches/valgrind-enable-arm.patch \
|
||||
%D%/packages/patches/vim-CVE-2017-5953.patch \
|
||||
%D%/packages/patches/virglrenderer-CVE-2017-6386.patch \
|
||||
%D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch \
|
||||
%D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \
|
||||
%D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \
|
||||
|
54
gnu/packages/patches/virglrenderer-CVE-2017-6386.patch
Normal file
54
gnu/packages/patches/virglrenderer-CVE-2017-6386.patch
Normal file
@ -0,0 +1,54 @@
|
||||
Fix CVE-2017-6386 (memory leak introduced by fix for CVE-2017-5994).
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5994
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
|
||||
|
||||
From 737c3350850ca4dbc5633b3bdb4118176ce59920 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Airlie <airlied@redhat.com>
|
||||
Date: Tue, 28 Feb 2017 14:52:09 +1000
|
||||
Subject: renderer: fix memory leak in vertex elements state create
|
||||
|
||||
Reported-by: Li Qiang
|
||||
Free the vertex array in error path.
|
||||
This was introduced by this commit:
|
||||
renderer: fix heap overflow in vertex elements state create.
|
||||
|
||||
I rewrote the code to not require the allocation in the first
|
||||
place if we have an error, seems nicer.
|
||||
|
||||
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
||||
|
||||
diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
|
||||
index 1bca7ad..e5d9f5c 100644
|
||||
--- a/src/vrend_renderer.c
|
||||
+++ b/src/vrend_renderer.c
|
||||
@@ -1648,18 +1648,19 @@ int vrend_create_vertex_elements_state(struct vrend_context *ctx,
|
||||
unsigned num_elements,
|
||||
const struct pipe_vertex_element *elements)
|
||||
{
|
||||
- struct vrend_vertex_element_array *v = CALLOC_STRUCT(vrend_vertex_element_array);
|
||||
+ struct vrend_vertex_element_array *v;
|
||||
const struct util_format_description *desc;
|
||||
GLenum type;
|
||||
int i;
|
||||
uint32_t ret_handle;
|
||||
|
||||
- if (!v)
|
||||
- return ENOMEM;
|
||||
-
|
||||
if (num_elements > PIPE_MAX_ATTRIBS)
|
||||
return EINVAL;
|
||||
|
||||
+ v = CALLOC_STRUCT(vrend_vertex_element_array);
|
||||
+ if (!v)
|
||||
+ return ENOMEM;
|
||||
+
|
||||
v->count = num_elements;
|
||||
for (i = 0; i < num_elements; i++) {
|
||||
memcpy(&v->elements[i].base, &elements[i], sizeof(struct pipe_vertex_element));
|
||||
--
|
||||
cgit v0.10.2
|
||||
|
@ -102,6 +102,7 @@
|
||||
(uri (string-append
|
||||
"https://www.freedesktop.org/software/virgl/"
|
||||
"virglrenderer-" version ".tar.bz2"))
|
||||
(patches (search-patches "virglrenderer-CVE-2017-6386.patch"))
|
||||
(sha256
|
||||
(base32
|
||||
"06kf0q4l52gzx5p63l8850hff8pmhp7xv1hk8zgx2apbw18y6jd5"))))
|
||||
|
Loading…
Reference in New Issue
Block a user