Mesa (master): mesa: Avoid out-of-bounds stack read via _mesa_Materiali

Nicolai Hähnle nh at kemper.freedesktop.org
Wed Mar 22 11:13:02 UTC 2017


Module: Mesa
Branch: master
Commit: c2dfff280ba7d0857e350581496daa17cccacb84
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=c2dfff280ba7d0857e350581496daa17cccacb84

Author: Nicolai Hähnle <nicolai.haehnle at amd.com>
Date:   Wed Feb 22 18:06:46 2017 +0100

mesa: Avoid out-of-bounds stack read via _mesa_Materiali

MATERIALFV may end up reading up to 4 floats from the passed parameter.

This should really set a GL_INVALID_ENUM error in the cases where it
matters, but does anybody really care?

Found by ASAN in piglit gl-1.0-beginend-coverage.

v2: fix a trivial compiler warning

Reviewed-by: Marek Olšák <marek.olsak at amd.com> (v1)
Reviewed-by: Ian Romanick <ian.d.romanick at intel.com> (v1)

---

 src/mesa/main/api_loopback.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/mesa/main/api_loopback.c b/src/mesa/main/api_loopback.c
index 8b63d9c0e9..59b59d3a9e 100644
--- a/src/mesa/main/api_loopback.c
+++ b/src/mesa/main/api_loopback.c
@@ -865,8 +865,9 @@ _mesa_Materialf( GLenum face, GLenum pname, GLfloat param )
 void GLAPIENTRY
 _mesa_Materiali(GLenum face, GLenum pname, GLint param )
 {
-   GLfloat p = (GLfloat) param;
-   MATERIALFV(face, pname, &p);
+   GLfloat p[4];
+   p[0] = (GLfloat) param;
+   MATERIALFV(face, pname, p);
 }
 
 void GLAPIENTRY
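
Review bot: p[1] through p[3] are left uninitialized in _mesa_Materiali, so when MATERIALFV consumes more than one float for a given pname the read is now in bounds but still picks up indeterminate stack values. Initializing the whole array, for example `GLfloat p[4] = { (GLfloat) param, 0.0f, 0.0f, 0.0f };`, would make the result deterministic and keep stale stack contents out of the material state until the GL_INVALID_ENUM handling mentioned in the commit message exists. A one-line comment saying why the array has four elements would also help the next reader. Since the hunk header shows _mesa_Materialf taking a single GLfloat param just above, it is worth confirming that its body (not visible here) does not pass the address of a lone float to MATERIALFV in the same way.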



