Stefan Dirsch
2fb7449ee5
* NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId()
(CVE-2023-45913, bsc#1222040)
- u_mesa-CVE-2023-45919.patch
* buffer over-read in glXQueryServerString()
(CVE-2023-45919, bsc#1222041)
- u_mesa-CVE-2023-45922.patch
* segmentation violation in __glXGetDrawableAttribute()
(CVE-2023-45922, bsc#1222042)
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/Mesa?expand=0&rev=1335
16 lines
688 B
Diff
16 lines
688 B
Diff
src/glx/glx_pbuffer.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
Index: mesa-24.2.3/src/glx/glx_pbuffer.c
|
|
===================================================================
|
|
--- mesa-24.2.3.orig/src/glx/glx_pbuffer.c
|
|
+++ mesa-24.2.3/src/glx/glx_pbuffer.c
|
|
@@ -329,7 +329,7 @@ __glXGetDrawableAttribute(Display * dpy,
|
|
/* Search the set of returned attributes for the attribute requested by
|
|
* the caller.
|
|
*/
|
|
- for (i = 0; i < num_attributes; i++) {
|
|
+ for (i = 0; i < num_attributes && i * 2 + 1 < length; i++) {
|
|
if (data[i * 2] == attribute) {
|
|
found = 1;
|
|
*value = data[(i * 2) + 1];
|