X-Git-Url: https://git.piment-noir.org/?p=deb_xorg-server.git;a=blobdiff_plain;f=debian%2Fpatches%2FCVE-2014-8xxx%2F0000-glx-check-return.patch;fp=debian%2Fpatches%2FCVE-2014-8xxx%2F0000-glx-check-return.patch;h=a65217414b4f0cfcef8b12368c192d63fe79714c;hp=0000000000000000000000000000000000000000;hb=7217e0ca50bba73dad94782e67980aeeb24ab693;hpb=a09e091a5c996d46a398abb27b06fe504591673f diff --git a/debian/patches/CVE-2014-8xxx/0000-glx-check-return.patch b/debian/patches/CVE-2014-8xxx/0000-glx-check-return.patch new file mode 100644 index 0000000..a652174 --- /dev/null +++ b/debian/patches/CVE-2014-8xxx/0000-glx-check-return.patch @@ -0,0 +1,184 @@ +From 61a292adf45405641de1c522a04c148e0a152acd Mon Sep 17 00:00:00 2001 +From: Keith Packard +Date: Thu, 9 Oct 2014 15:17:17 +0200 +Subject: glx: check return from __glXGetAnswerBuffer + +This function can return NULL; make sure every caller tests for that. + +Reviewed-by: Adam Jackson +Signed-off-by: Keith Packard + +diff --git a/glx/indirect_dispatch.c b/glx/indirect_dispatch.c +index 329b2e6..f6cabef 100644 +--- a/glx/indirect_dispatch.c ++++ b/glx/indirect_dispatch.c +@@ -2464,6 +2464,9 @@ __glXDisp_AreTexturesResident(__GLXclientState * cl, GLbyte * pc) + GLboolean answerBuffer[200]; + GLboolean *residences = + __glXGetAnswerBuffer(cl, n, answerBuffer, sizeof(answerBuffer), 1); ++ ++ if (residences == NULL) ++ return BadAlloc; + retval = + glAreTexturesResident(n, (const GLuint *) (pc + 4), residences); + __glXSendReply(cl->client, residences, n, 1, GL_TRUE, retval); +@@ -2488,6 +2491,9 @@ __glXDisp_AreTexturesResidentEXT(__GLXclientState * cl, GLbyte * pc) + GLboolean answerBuffer[200]; + GLboolean *residences = + __glXGetAnswerBuffer(cl, n, answerBuffer, sizeof(answerBuffer), 1); ++ ++ if (residences == NULL) ++ return BadAlloc; + retval = + glAreTexturesResident(n, (const GLuint *) (pc + 4), residences); + __glXSendReply(cl->client, residences, n, 1, GL_TRUE, retval); +@@ -2593,6 +2599,9 @@ __glXDisp_GenTextures(__GLXclientState * cl, GLbyte * pc) + GLuint *textures = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (textures == NULL) ++ return BadAlloc; + glGenTextures(n, textures); + __glXSendReply(cl->client, textures, n, 4, GL_TRUE, 0); + error = Success; +@@ -2616,6 +2625,9 @@ __glXDisp_GenTexturesEXT(__GLXclientState * cl, GLbyte * pc) + GLuint *textures = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (textures == NULL) ++ return BadAlloc; + glGenTextures(n, textures); + __glXSendReply(cl->client, textures, n, 4, GL_TRUE, 0); + error = Success; +@@ -3883,6 +3895,9 @@ __glXDisp_GenQueries(__GLXclientState * cl, GLbyte * pc) + GLuint *ids = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (ids == NULL) ++ return BadAlloc; + GenQueries(n, ids); + __glXSendReply(cl->client, ids, n, 4, GL_TRUE, 0); + error = Success; +@@ -4253,6 +4268,9 @@ __glXDisp_GenProgramsARB(__GLXclientState * cl, GLbyte * pc) + GLuint *programs = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (programs == NULL) ++ return BadAlloc; + GenProgramsARB(n, programs); + __glXSendReply(cl->client, programs, n, 4, GL_TRUE, 0); + error = Success; +@@ -4630,6 +4648,10 @@ __glXDisp_GenFramebuffers(__GLXclientState * cl, GLbyte * pc) + GLuint *framebuffers = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (framebuffers == NULL) ++ return BadAlloc; ++ + GenFramebuffers(n, framebuffers); + __glXSendReply(cl->client, framebuffers, n, 4, GL_TRUE, 0); + error = Success; +@@ -4655,6 +4677,9 @@ __glXDisp_GenRenderbuffers(__GLXclientState * cl, GLbyte * pc) + GLuint *renderbuffers = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (renderbuffers == NULL) ++ return BadAlloc; + GenRenderbuffers(n, renderbuffers); + __glXSendReply(cl->client, renderbuffers, n, 4, GL_TRUE, 0); + error = Success; +diff --git a/glx/indirect_dispatch_swap.c b/glx/indirect_dispatch_swap.c +index 647d0c9..c0bb64d 100644 +--- a/glx/indirect_dispatch_swap.c ++++ b/glx/indirect_dispatch_swap.c +@@ -2731,6 +2731,9 @@ __glXDispSwap_AreTexturesResident(__GLXclientState * cl, GLbyte * pc) + GLboolean answerBuffer[200]; + GLboolean *residences = + __glXGetAnswerBuffer(cl, n, answerBuffer, sizeof(answerBuffer), 1); ++ ++ if (residences == NULL) ++ return BadAlloc; + retval = + glAreTexturesResident(n, + (const GLuint *) +@@ -2759,6 +2762,9 @@ __glXDispSwap_AreTexturesResidentEXT(__GLXclientState * cl, GLbyte * pc) + GLboolean answerBuffer[200]; + GLboolean *residences = + __glXGetAnswerBuffer(cl, n, answerBuffer, sizeof(answerBuffer), 1); ++ ++ if (residences == NULL) ++ return BadAlloc; + retval = + glAreTexturesResident(n, + (const GLuint *) +@@ -2878,6 +2884,9 @@ __glXDispSwap_GenTextures(__GLXclientState * cl, GLbyte * pc) + GLuint *textures = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (textures == NULL) ++ return BadAlloc; + glGenTextures(n, textures); + (void) bswap_32_array((uint32_t *) textures, n); + __glXSendReplySwap(cl->client, textures, n, 4, GL_TRUE, 0); +@@ -2903,6 +2912,9 @@ __glXDispSwap_GenTexturesEXT(__GLXclientState * cl, GLbyte * pc) + GLuint *textures = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (textures == NULL) ++ return BadAlloc; + glGenTextures(n, textures); + (void) bswap_32_array((uint32_t *) textures, n); + __glXSendReplySwap(cl->client, textures, n, 4, GL_TRUE, 0); +@@ -4290,6 +4302,9 @@ __glXDispSwap_GenQueries(__GLXclientState * cl, GLbyte * pc) + GLuint *ids = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ if (ids == NULL) ++ return BadAlloc; ++ + GenQueries(n, ids); + (void) bswap_32_array((uint32_t *) ids, n); + __glXSendReplySwap(cl->client, ids, n, 4, GL_TRUE, 0); +@@ -4697,6 +4712,9 @@ __glXDispSwap_GenProgramsARB(__GLXclientState * cl, GLbyte * pc) + GLuint *programs = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ if (programs == NULL) ++ return BadAlloc; ++ + GenProgramsARB(n, programs); + (void) bswap_32_array((uint32_t *) programs, n); + __glXSendReplySwap(cl->client, programs, n, 4, GL_TRUE, 0); +@@ -5122,6 +5140,10 @@ __glXDispSwap_GenFramebuffers(__GLXclientState * cl, GLbyte * pc) + GLuint *framebuffers = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (framebuffers == NULL) ++ return BadAlloc; ++ + GenFramebuffers(n, framebuffers); + (void) bswap_32_array((uint32_t *) framebuffers, n); + __glXSendReplySwap(cl->client, framebuffers, n, 4, GL_TRUE, 0); +@@ -5149,6 +5171,10 @@ __glXDispSwap_GenRenderbuffers(__GLXclientState * cl, GLbyte * pc) + GLuint *renderbuffers = + __glXGetAnswerBuffer(cl, n * 4, answerBuffer, sizeof(answerBuffer), + 4); ++ ++ if (renderbuffers == NULL) ++ return BadAlloc; ++ + GenRenderbuffers(n, renderbuffers); + (void) bswap_32_array((uint32_t *) renderbuffers, n); + __glXSendReplySwap(cl->client, renderbuffers, n, 4, GL_TRUE, 0); +-- +cgit v0.10.2 +