fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-05 03:08:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

egl/dri: Avoid out of bounds array access

Browse source 
indexConfigAttrib iterates over every index in the dri driver, possibly
exceeding __DRI_ATTRIB_MAX. In other words, if the dri driver has newer
attributes libEGL will end up reading from uninitialized memory through
dri2_to_egl_attribute_map[].

Signed-off-by: Kevin Strasser <kevin.strasser@intel.com>
Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
This commit is contained in:
Kevin Strasser 2019-01-28 10:42:44 -08:00 committed by Emil Velikov
parent 97ad0efba0
commit 70b36c0ef9
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/egl/drivers/dri2/egl_dri2.c
View file

@ -213,8 +213,10 @@ dri2_add_config(_EGLDisplay *disp, const __DRIconfig *dri_config, int id,
bind_to_texture_rgb = 0;
bind_to_texture_rgba = 0;
for (int i = 0; dri2_dpy->core->indexConfigAttrib(dri_config, i, &attrib,
&value); ++i) {
for (int i = 0; i < __DRI_ATTRIB_MAX; ++i) {
if (!dri2_dpy->core->indexConfigAttrib(dri_config, i, &attrib, &value))
break;
switch (attrib) {
case __DRI_ATTRIB_RENDER_TYPE:
if (value & __DRI_ATTRIB_RGBA_BIT)