fix CVE-2020-8002 CVE-2020-8003

Signed-off-by: AlexChen <alex.chen@huawei.com>

backport-CVE-2020-8002.patch

@@ -0,0 +1,34 @@
+From 63bcca251f093d83da7e290ab4bbd38ae69089b5 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Wed, 15 Jan 2020 13:43:58 +0100
+Subject: [PATCH] vrend: Don't try launching a grid if no CS is available
+
+Closes #155
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
+---
+ src/vrend_renderer.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index a054bad..2280fc4 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -4604,6 +4604,13 @@ void vrend_launch_grid(struct vrend_context *ctx,
+       }
+       ctx->sub->shader_dirty = true;
+    }
++
++   if (!ctx->sub->prog) {
++      fprintf(stderr, "%s: Skipping compute shader execution due to missing shaders: %s\n",
++                   __func__, ctx->debug_name);
++      return;
++   }
++
+    vrend_use_program(ctx, ctx->sub->prog->id);
+ 
+    int sampler_id = 0, ubo_id = 0;
+-- 
+2.27.0
+

backport-CVE-2020-8003.patch

@@ -0,0 +1,41 @@
+From 2426c4e1969bc875064a4c918aac14c8072a37c7 Mon Sep 17 00:00:00 2001
+From: Gert Wollny <gert.wollny@collabora.com>
+Date: Mon, 13 Jan 2020 10:03:19 +0100
+Subject: [PATCH] vrend: Don't free resource struct in
+ _resource_allocate_texture
+
+The structure is allocated outside this function and also deleted there
+if texture creation failes or it is asserted that it doesn't fail
+for intermediate blitting textures. Therefore, don't free the struct inside
+this function when allocation fails.
+
+Closes #154
+
+Signed-off-by: Gert Wollny <gert.wollny@collabora.com>
+---
+ src/vrend_renderer.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
+index 4a3b9dc..189372a 100644
+--- a/src/vrend_renderer.c
++++ b/src/vrend_renderer.c
+@@ -5688,7 +5688,6 @@ static int vrend_renderer_resource_allocate_texture(struct vrend_resource *gr,
+ 
+    if (internalformat == 0) {
+       fprintf(stderr,"unknown format is %d\n", pr->format);
+-      FREE(gt);
+       return EINVAL;
+    }
+ 
+@@ -5697,7 +5696,6 @@ static int vrend_renderer_resource_allocate_texture(struct vrend_resource *gr,
+          glEGLImageTargetTexture2DOES(gr->target, (GLeglImageOES) image_oes);
+       } else {
+          fprintf(stderr, "missing GL_OES_EGL_image_external extension\n");
+-	 FREE(gr);
+ 	 return EINVAL;
+       }
+    } else if (pr->nr_samples > 1) {
+-- 
+2.27.0
+

virglrenderer.spec

@@ -1,6 +1,6 @@
 Name:		virglrenderer
 Version:	0.7.0
-Release:	2
+Release:	3
 Summary:	VirGL virtual OpenGL renderer
 License:	MIT
 URL: https://virgil3d.github.io
@@ -12,6 +12,8 @@ Patch1:  backport-CVE-2019-18389.patch
 Patch2:  backport-CVE-2019-18391.patch
 Patch3:  backport-vrend-Keep-the-max-texture-sizes-in-the-vrend_state.patch
 Patch4:  backport-CVE-2019-18388.patch
+Patch5:  backport-CVE-2020-8002.patch
+Patch6:  backport-CVE-2020-8003.patch
 
 BuildRequires:	autoconf
 BuildRequires:	automake
@@ -66,6 +68,9 @@ rm -rf %{buildroot}%{_bindir}/virgl_test_server
 %{_libdir}/pkgconfig/*.pc
 
 %changelog
+* Tue Mar 1 2022 AlexChen <alex.chen@huawei.com> - 0.7.0-3
+- Fix CVE-2020-8002 CVE-2020-8003
+
 * Thu Nov 4 2021 panxiaohe <panxiaohe@huawei.com> - 0.7.0-2
 - Fix CVE-2019-18388 CVE-2019-18389 CVE-2019-18390 CVE-2019-18391