← Back to branch summary

~ubuntu-branches/ubuntu/precise/mesa/precise-security

« back to all changes in this revision

Viewing changes to src/glx/apple/apple_glx_surface.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers, Steve Beattie
  • Date: 2012-10-19 09:04:04 UTC
  • mfrom: (163.1.4 precise-proposed)
  • Revision ID: package-import@ubuntu.com-20121019090404-5zbjpsp6knv7zl3b
Tags: 8.0.4-0ubuntu0.2
https://launchpad.net/bugs/1046933
[ Steve Beattie ]
* SECURITY UPDATE: samplers array overflow (LP: #1046933)
  - debian/patches/50-CVE-2012-2864.patch: ensure that more than
    MAX_SAMPLERS are not used
  - CVE-2012-2864

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/glx/apple/apple_glx_surface.c
206
206
   if (d) {
207
207
      d->types.surface.pending_destroy = true;
208
208
      d->release(d);
 
209
 
209
210
      /* 
210
211
       * We release 2 references to the surface.  One was acquired by
211
212
       * the find, and the other was leftover from a context, or 
216
217
       * to actually destroy it when the pending_destroy is processed
217
218
       * by a glViewport callback (see apple_glx_context_update()).
218
219
       */
219
 
      d->destroy(d);
220
 
 
221
 
      d->unlock(d);
 
220
      if (!d->destroy(d)) {
 
221
          /* apple_glx_drawable_find_by_uid returns a locked drawable */
 
222
          d->unlock(d);
 
223
      }
222
224
   }
223
225
}