vrend: Add test to resource OOB write and fix it (CVE-2022-0135)

2022-08-27 17:47:38 +08:00 · 2022-08-27 17:47:38 +08:00 · a162182b68
commit a162182b68
parent 03bf1a3b79
2 changed files with 38 additions and 1 deletions
--- a/backport-CVE-2022-0135.patch
+++ b/backport-CVE-2022-0135.patch
@ -0,0 +1,33 @@
 From 95e581fd181b213c2ed7cdc63f2abc03eaaa77ec Mon Sep 17 00:00:00 2001
 From: Gert Wollny <gert.wollny@collabora.com>
 Date: Tue, 30 Nov 2021 10:17:26 +0100
 Subject: [PATCH] vrend: Add test to resource OOB write and fix it
 v2: Also check that no depth != 1 has been send when none is due
 Closes: #250
 Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
 Reviewed-by: Chia-I Wu <olvaffe@gmail.com>
 ---
 src/vrend_renderer.c        |  3 +++
 1 file changed, 3 insertions(+)
 diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
 index 28f6697..357b81b 100644
 --- a/src/vrend_renderer.c
 +++ b/src/vrend_renderer.c
@@ -7833,8 +7833,11 @@ static int vrend_renderer_transfer_write_iov(struct vrend_context *ctx,
                                           info->box->height) * elsize;
       if (res->target == GL_TEXTURE_3D ||
           res->target == GL_TEXTURE_2D_ARRAY ||
 +          res->target == GL_TEXTURE_2D_MULTISAMPLE_ARRAY ||
           res->target == GL_TEXTURE_CUBE_MAP_ARRAY)
           send_size *= info->box->depth;
 +      else if (need_temp && info->box->depth != 1)
 +         return EINVAL;
       if (need_temp) {
          data = malloc(send_size);
 -- 
 2.27.0
--- a/virglrenderer.spec
+++ b/virglrenderer.spec
@ -1,6 +1,6 @@
 Name:		virglrenderer
 Version:	0.7.0
-Release:	4
+Release:	5
 Summary:	VirGL virtual OpenGL renderer
 License:	MIT
 URL: https://virgil3d.github.io
@ -15,6 +15,7 @@ Patch4:  backport-CVE-2019-18388.patch
 Patch5:  backport-CVE-2020-8002.patch
 Patch6:  backport-CVE-2020-8003.patch
 Patch7:  backport-CVE-2022-0175.patch
 Patch8:  backport-CVE-2022-0135.patch
 BuildRequires:	autoconf
 BuildRequires:	automake
@ -69,6 +70,9 @@ rm -rf %{buildroot}%{_bindir}/virgl_test_server
 %{_libdir}/pkgconfig/*.pc
 %changelog
 * Sat Aug 27 2022 yezengruan <yezengruan@huawei.com> - 0.7.0-5
 - vrend: Add test to resource OOB write and fix it (CVE-2022-0135)
 * Wed Jul 06 2022 yezengruan <yezengruan@huawei.com> - 0.7.0-4
 - vrend: clear memory when allocating a host-backed memory resource (CVE-2022-0175)