[Mesa-dev] [PATCH] mapi: Make private copies of name strings provided by client.

[Mario Kleiner]

glXGetProcAddress("glFoo") ends up in stub_add_dynamic() to
create dynamic stubs for dynamic functions. stub_add_dynamic()
doesn't store the caller provided name string "Foo" in a mesa
private copy, but just stores a pointer to the "glFoo" string
passed to glXGetProcAddress - a pointer into arbitrary memory
outside mesa's control.

If the caller passes some dynamically allocated/changing
memory buffer to glXGetProcAddress(), or the caller gets unmapped
from memory, e.g., some dynamically loaded application
plugin which uses OpenGL, this ends badly - with a dangling
pointer.

strdup() the name string provided by the client to avoid
this problem.

Cc: "10.3 10.4 10.5" <mesa-stable at lists.freedesktop.org>
Signed-off-by: Mario Kleiner <mario.kleiner.de at gmail.com>
---
 src/mapi/stub.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/mapi/stub.c b/src/mapi/stub.c
index dfadbe1..45ccc6a 100644
--- a/src/mapi/stub.c
+++ b/src/mapi/stub.c
@@ -110,7 +110,7 @@ stub_add_dynamic(const char *name)
    if (!stub->addr)
       return NULL;
 
-   stub->name = (const void *) name;
+   stub->name = (const void *) strdup(name);
    /* to be fixed later */
    stub->slot = -1;
 
-- 
2.1.0