Fix CVE-2017-6386 (memory leak introduced by fix for CVE-2017-5994). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5994 Patch copied from upstream source repository: https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920 From 737c3350850ca4dbc5633b3bdb4118176ce59920 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Tue, 28 Feb 2017 14:52:09 +1000 Subject: renderer: fix memory leak in vertex elements state create Reported-by: Li Qiang Free the vertex array in error path. This was introduced by this commit: renderer: fix heap overflow in vertex elements state create. I rewrote the code to not require the allocation in the first place if we have an error, seems nicer. Signed-off-by: Dave Airlie diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c index 1bca7ad..e5d9f5c 100644 --- a/src/vrend_renderer.c +++ b/src/vrend_renderer.c @@ -1648,18 +1648,19 @@ int vrend_create_vertex_elements_state(struct vrend_context *ctx, unsigned num_elements, const struct pipe_vertex_element *elements) { - struct vrend_vertex_element_array *v = CALLOC_STRUCT(vrend_vertex_element_array); + struct vrend_vertex_element_array *v; const struct util_format_description *desc; GLenum type; int i; uint32_t ret_handle; - if (!v) - return ENOMEM; - if (num_elements > PIPE_MAX_ATTRIBS) return EINVAL; + v = CALLOC_STRUCT(vrend_vertex_element_array); + if (!v) + return ENOMEM; + v->count = num_elements; for (i = 0; i < num_elements; i++) { memcpy(&v->elements[i].base, &elements[i], sizeof(struct pipe_vertex_element)); -- cgit v0.10.2 e
path: root/nix/COPYING
='nohover'>
AgeCommit message (Expand)Author
AgeCommit message (Expand)Author
2023-06-14gnu: bootloader: Add u-boot-sifive-unmatched-bootloader....* gnu/bootloader/u-boot.scm (install-sifive-unmatched-u-boot, u-boot-sifive-unmatched-bootloader): New variables. Efraim Flashner
2023-01-18gnu: Add u-boot-ts7970-q-2g-1000mhz-c-bootloader....* gnu/bootloader/u-boot.scm (u-boot-ts7970-q-2g-1000mhz-c-bootloader): New variable. Maxim Cournoyer
2022-12-28gnu: u-boot-am335x-boneblack: Revert to old name....This reverts to the name this package had previous to commit c2c1dfdf5760873f1db86d14873f725a105f7feb ("gnu: bootloader: Add U-Boot packages for Raspberry Pi models."), which caused the package name to be derived from the board name. * gnu/packages/bootloaders.scm (u-boot-am335x-evm-boneblack): Remove the NAME-SUFFIX keyword argument. Specify the full name via the name field. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust to the renamed package. Reported-by: Vagrant Cascadian <vagrant@debian.org> Maxim Cournoyer
2022-12-20gnu: u-boot-am335x-evm-boneblack: Fix variable name....* gnu/packages/bootloaders.scm (u-boot-am335x-boneblack): Rename to... (u-boot-am335x-evm-boneblack), to match the package name. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust accordingly. Maxim Cournoyer
2021-05-29gnu: bootloader: Fix install-allwinner64-u-boot....This fixes boot breakage introduced in commit: a65c935e29766940148d52b8116634b1e1cbcba6 Multiple files were still needed, but the filenames changed. * gnu/bootloader/u-boot.scm (install-allwinner64-u-boot): Update to use both SPL and u-boot files with new filenames. Vagrant Cascadian