[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: gnu: virglrenderer: Fix CVE-2017-6386.
From: |
Leo Famulari |
Subject: |
01/02: gnu: virglrenderer: Fix CVE-2017-6386. |
Date: |
Thu, 16 Mar 2017 19:40:28 -0400 (EDT) |
lfam pushed a commit to branch master
in repository guix.
commit 1e5b8beeff95e0adf767f1c13963c39b794573fe
Author: Leo Famulari <address@hidden>
Date: Thu Mar 16 14:13:08 2017 -0400
gnu: virglrenderer: Fix CVE-2017-6386.
* gnu/packages/patches/virglrenderer-CVE-2017-6386.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/spice.scm (virglrenderer)[source]: Use it.
---
gnu/local.mk | 1 +
.../patches/virglrenderer-CVE-2017-6386.patch | 54 ++++++++++++++++++++++
gnu/packages/spice.scm | 1 +
3 files changed, 56 insertions(+)
diff --git a/gnu/local.mk b/gnu/local.mk
index b3aa79a..c1a15e9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -965,6 +965,7 @@ dist_patch_DATA =
\
%D%/packages/patches/upower-builddir.patch \
%D%/packages/patches/valgrind-enable-arm.patch \
%D%/packages/patches/vim-CVE-2017-5953.patch \
+ %D%/packages/patches/virglrenderer-CVE-2017-6386.patch \
%D%/packages/patches/vorbis-tools-CVE-2014-9638+CVE-2014-9639.patch
\
%D%/packages/patches/vorbis-tools-CVE-2014-9640.patch \
%D%/packages/patches/vorbis-tools-CVE-2015-6749.patch \
diff --git a/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch
b/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch
new file mode 100644
index 0000000..bd3bf10
--- /dev/null
+++ b/gnu/packages/patches/virglrenderer-CVE-2017-6386.patch
@@ -0,0 +1,54 @@
+Fix CVE-2017-6386 (memory leak introduced by fix for CVE-2017-5994).
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5994
+
+Patch copied from upstream source repository:
+
+https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
+
+From 737c3350850ca4dbc5633b3bdb4118176ce59920 Mon Sep 17 00:00:00 2001
+From: Dave Airlie <address@hidden>
+Date: Tue, 28 Feb 2017 14:52:09 +1000
+Subject: renderer: fix memory leak in vertex elements state create
+
+Reported-by: Li Qiang
+Free the vertex array in error path.
+This was introduced by this commit:
+renderer: fix heap overflow in vertex elements state create.
+
+I rewrote the code to not require the allocation in the first
+place if we have an error, seems nicer.
+
+Signed-off-by: Dave Airlie <address@hidden>
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index 1bca7ad..e5d9f5c 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -1648,18 +1648,19 @@ int vrend_create_vertex_elements_state(struct
vrend_context *ctx,
+ unsigned num_elements,
+ const struct pipe_vertex_element
*elements)
+ {
+- struct vrend_vertex_element_array *v =
CALLOC_STRUCT(vrend_vertex_element_array);
++ struct vrend_vertex_element_array *v;
+ const struct util_format_description *desc;
+ GLenum type;
+ int i;
+ uint32_t ret_handle;
+
+- if (!v)
+- return ENOMEM;
+-
+ if (num_elements > PIPE_MAX_ATTRIBS)
+ return EINVAL;
+
++ v = CALLOC_STRUCT(vrend_vertex_element_array);
++ if (!v)
++ return ENOMEM;
++
+ v->count = num_elements;
+ for (i = 0; i < num_elements; i++) {
+ memcpy(&v->elements[i].base, &elements[i], sizeof(struct
pipe_vertex_element));
+--
+cgit v0.10.2
+
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 363a5e8..838db4b 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -102,6 +102,7 @@
(uri (string-append
"https://www.freedesktop.org/software/virgl/"
"virglrenderer-" version ".tar.bz2"))
+ (patches (search-patches "virglrenderer-CVE-2017-6386.patch"))
(sha256
(base32
"06kf0q4l52gzx5p63l8850hff8pmhp7xv1hk8zgx2apbw18y6jd5"))))